Vulnerabilities > Improper Verification of Cryptographic Signature
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-29 | CVE-2020-11488 | Improper Verification of Cryptographic Signature vulnerability in Intel BMC Firmware 1.06.06/2.47: NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to information disclosure or code execution. | 6.7 |
2020-10-27 | CVE-2019-8901 | Improper Verification of Cryptographic Signature vulnerability in Apple iPadOS and iPhone OS: This issue was addressed by verifying host keys when connecting to a previously-known SSH server. | 6.5 |
2020-10-21 | CVE-2020-15240 | Improper Verification of Cryptographic Signature vulnerability in Auth0 Omniauth-Auth0 2.3.0/2.3.1/2.4.0: omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. | 9.1 |
2020-10-02 | CVE-2020-12676 | Improper Verification of Cryptographic Signature vulnerability in FusionAuth Samlv2 0.2.3: FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack". | 9.1 |
2020-10-02 | CVE-2020-26540 | Improper Verification of Cryptographic Signature vulnerability in Foxit Software Foxit Reader and PhantomPDF: An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. | 7.5 |
2020-09-29 | CVE-2020-15216 | Improper Verification of Cryptographic Signature vulnerability in multiple products: In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. | 6.5 |
2020-09-23 | CVE-2019-1736 | Improper Verification of Cryptographic Signature vulnerability in Cisco products: A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. | 6.6 |
2020-09-17 | CVE-2020-25490 | Improper Verification of Cryptographic Signature vulnerability in Sqreen PHP Microagent: Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine. | 7.3 |
2020-09-08 | CVE-2019-10562 | Improper Verification of Cryptographic Signature vulnerability in Qualcomm products: Improper authentication and signature verification of debug policies in secure boot loader will allow unverified debug policies to be loaded into secure memory and leads to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, Kamorta, MSM8998, Nicobar, QCS404, QCS605, QCS610, Rennell, SA415M, SA6155P, SC7180, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. | 7.8 |
2020-08-31 | CVE-2020-13593 | Improper Verification of Cryptographic Signature vulnerability in TI Simplelink-Cc2640R2 Software Development Kit 2.2.3: The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation in Texas Instruments SimpleLink SIMPLELINK-CC2640R2-SDK through 2.2.3 allows the Diffie-Hellman check during the Secure Connection pairing to be skipped if the Link Layer encryption setup is performed earlier. | 8.8 |