Vulnerabilities > Improper Verification of Cryptographic Signature

DATE CVE VULNERABILITY TITLE RISK
2020-12-07 CVE-2020-26122 Improper Verification of Cryptographic Signature vulnerability in Inspur products
Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges.
network
low complexity
inspur CWE-347
7.2
2020-12-02 CVE-2020-26244 Improper Verification of Cryptographic Signature vulnerability in Python Openid Connect Project Python Openid Connect
Python oic is a Python OpenID Connect implementation.
network
high complexity
python-openid-connect-project CWE-347
6.8
2020-11-30 CVE-2020-29438 Improper Verification of Cryptographic Signature vulnerability in Tesla Model X Firmware
Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification.
low complexity
tesla CWE-347
6.5
2020-11-09 CVE-2020-8133 Improper Verification of Cryptographic Signature vulnerability in Nextcloud Server 19.0.1
A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an attacker to overwrite blocks in a file.
network
low complexity
nextcloud CWE-347
5.3
2020-11-02 CVE-2020-28045 Improper Verification of Cryptographic Signature vulnerability in PAX Prolinos 2.4.161.8859R
An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R.
local
low complexity
pax CWE-347
7.8
2020-11-02 CVE-2020-28042 Improper Verification of Cryptographic Signature vulnerability in Servicestack
ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature.
network
low complexity
servicestack CWE-347
5.3
2020-10-29 CVE-2020-11488 Improper Verification of Cryptographic Signature vulnerability in Intel BMC Firmware 1.06.06/2.47
NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to information disclosure or code execution.
local
low complexity
intel CWE-347
6.7
2020-10-27 CVE-2019-8901 Improper Verification of Cryptographic Signature vulnerability in Apple Ipados and Iphone OS
This issue was addressed by verifying host keys when connecting to a previously-known SSH server.
network
low complexity
apple CWE-347
6.5
2020-10-21 CVE-2020-15240 Improper Verification of Cryptographic Signature vulnerability in Auth0 Omniauth-Auth0 2.3.0/2.3.1/2.4.0
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method.
network
low complexity
auth0 CWE-347
critical
9.1
2020-10-02 CVE-2020-12676 Improper Verification of Cryptographic Signature vulnerability in Fusionauth Samlv2 0.2.3
FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack".
network
low complexity
fusionauth CWE-347
critical
9.1