Vulnerabilities > Improper Verification of Cryptographic Signature
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-06 | CVE-2020-36284 | Improper Verification of Cryptographic Signature vulnerability in Unionpayintl Union PAY Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. | 7.5 |
| 2021-04-06 | CVE-2020-23533 | Improper Verification of Cryptographic Signature vulnerability in Unionpayintl Union PAY Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. | 7.5 |
| 2021-04-06 | CVE-2021-30130 | Improper Verification of Cryptographic Signature vulnerability in multiple products phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification. | 7.5 |
| 2021-03-24 | CVE-2021-1375 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XE Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. | 6.7 |
| 2021-03-08 | CVE-2020-23967 | Improper Verification of Cryptographic Signature vulnerability in Drweb Security Space 11.0/12.0 Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\SYSTEM due to insufficient control during autoupdate. | 7.8 |
| 2021-02-10 | CVE-2021-3033 | Improper Verification of Cryptographic Signature vulnerability in Paloaltonetworks Prisma Cloud An improper verification of cryptographic signature vulnerability exists in the Palo Alto Networks Prisma Cloud Compute console. | 9.8 |
| 2021-01-26 | CVE-2020-27540 | Improper Verification of Cryptographic Signature vulnerability in Company Cs-C2Shw Firmware 5.0.082.1 Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. | 9.8 |
| 2021-01-07 | CVE-2018-18689 | Improper Verification of Cryptographic Signature vulnerability in multiple products The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. network low complexity avanquest foxitsoftware gonitro iskysoft pdf-xchange pdfforge qoppa sodapdf soft-xpansion tracker-software visagesoft CWE-347 | 5.3 |
| 2021-01-07 | CVE-2018-18688 | Improper Verification of Cryptographic Signature vulnerability in multiple products The Portable Document Format (PDF) specification does not provide any information regarding the concrete procedure of how to validate signatures. network low complexity code-industry foxitsoftware gonitro iskysoft libreoffice nuance qoppa soft-xpansion CWE-347 | 5.3 |
| 2020-12-09 | CVE-2020-28086 | Improper Verification of Cryptographic Signature vulnerability in Zx2C4 Password-Store pass through 1.7.3 has a possibility of using a password for an unintended resource. | 7.5 |