Vulnerabilities > Improper Verification of Cryptographic Signature

DATE CVE VULNERABILITY TITLE RISK
2020-10-27 CVE-2019-8901 Improper Verification of Cryptographic Signature vulnerability in Apple Ipados and Iphone OS
This issue was addressed by verifying host keys when connecting to a previously-known SSH server.
network
low complexity
apple CWE-347
4.0
2020-10-21 CVE-2020-15240 Improper Verification of Cryptographic Signature vulnerability in Auth0 Omniauth-Auth0 2.3.0/2.3.1/2.4.0
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method.
network
auth0 CWE-347
5.8
2020-10-16 CVE-2020-16922 Improper Verification of Cryptographic Signature vulnerability in Microsoft products
<p>A spoofing vulnerability exists when Windows incorrectly validates file signatures.
local
low complexity
microsoft CWE-347
5.3
2020-10-02 CVE-2020-12676 Improper Verification of Cryptographic Signature vulnerability in Fusionauth Samlv2 0.2.3
FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack".
network
low complexity
fusionauth CWE-347
6.4
2020-10-02 CVE-2020-26540 Improper Verification of Cryptographic Signature vulnerability in Foxitsoftware Foxit Reader and Phantompdf
An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS.
network
low complexity
foxitsoftware CWE-347
5.0
2020-09-29 CVE-2020-15216 Improper Verification of Cryptographic Signature vulnerability in multiple products
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one.
network
low complexity
goxmldsig-project fedoraproject CWE-347
6.5
2020-09-23 CVE-2020-14365 Improper Verification of Cryptographic Signature vulnerability in multiple products
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module.
local
low complexity
redhat debian CWE-347
6.6
2020-09-23 CVE-2019-1736 Improper Verification of Cryptographic Signature vulnerability in Cisco products
A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device.
local
cisco CWE-347
6.9
2020-09-17 CVE-2020-25490 Improper Verification of Cryptographic Signature vulnerability in Sqreen PHP Microagent
Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine.
network
low complexity
sqreen CWE-347
7.5
2020-09-16 CVE-2020-14515 Improper Verification of Cryptographic Signature vulnerability in Wibu Codemeter 6.50A/6.81
CodeMeter (All versions prior to 6.90 when using CmActLicense update files with CmActLicense Firm Code) has an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files, including forging a valid license file as if it were a valid license file of an existing vendor.
network
low complexity
wibu CWE-347
5.0