Vulnerabilities > Improper Verification of Cryptographic Signature
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-27 | CVE-2019-8901 | Improper Verification of Cryptographic Signature vulnerability in Apple Ipados and Iphone OS This issue was addressed by verifying host keys when connecting to a previously-known SSH server. | 4.0 |
2020-10-21 | CVE-2020-15240 | Improper Verification of Cryptographic Signature vulnerability in Auth0 Omniauth-Auth0 2.3.0/2.3.1/2.4.0 omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. | 5.8 |
2020-10-16 | CVE-2020-16922 | Improper Verification of Cryptographic Signature vulnerability in Microsoft products <p>A spoofing vulnerability exists when Windows incorrectly validates file signatures. | 5.3 |
2020-10-02 | CVE-2020-12676 | Improper Verification of Cryptographic Signature vulnerability in Fusionauth Samlv2 0.2.3 FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack". | 6.4 |
2020-10-02 | CVE-2020-26540 | Improper Verification of Cryptographic Signature vulnerability in Foxitsoftware Foxit Reader and Phantompdf An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. | 5.0 |
2020-09-29 | CVE-2020-15216 | Improper Verification of Cryptographic Signature vulnerability in multiple products In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. | 6.5 |
2020-09-23 | CVE-2020-14365 | Improper Verification of Cryptographic Signature vulnerability in multiple products A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. | 6.6 |
2020-09-23 | CVE-2019-1736 | Improper Verification of Cryptographic Signature vulnerability in Cisco products A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. | 6.9 |
2020-09-17 | CVE-2020-25490 | Improper Verification of Cryptographic Signature vulnerability in Sqreen PHP Microagent Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine. | 7.5 |
2020-09-16 | CVE-2020-14515 | Improper Verification of Cryptographic Signature vulnerability in Wibu Codemeter 6.50A/6.81 CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor. | 5.0 |