Vulnerabilities > Improper Verification of Cryptographic Signature
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-15 | CVE-2020-1026 | Improper Verification of Cryptographic Signature vulnerability in Microsoft Research Javascript Cryptography Library 1.4 A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography (ECC) implementation.An attacker could potentially abuse these bugs to learn information about a server’s private ECC key (a key leakage attack) or craft an invalid ECDSA signature that nevertheless passes as valid.The security update addresses the vulnerability by fixing the bugs disclosed in the ECC implementation, aka 'MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability'. | 9.8 |
| 2020-04-07 | CVE-2016-11044 | Improper Verification of Cryptographic Signature vulnerability in Google Android 5.0/5.1/6.0 An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (with Fingerprint support) software. | 7.8 |
| 2020-03-30 | CVE-2019-17561 | Improper Verification of Cryptographic Signature vulnerability in multiple products The "Apache NetBeans" autoupdate system does not fully validate code signatures. | 7.5 |
| 2020-03-27 | CVE-2015-7336 | Improper Verification of Cryptographic Signature vulnerability in Lenovo System Update MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. | 7.5 |
| 2020-03-26 | CVE-2019-15796 | Improper Verification of Cryptographic Signature vulnerability in multiple products Python-apt doesn't check if hashes are signed in `Version.fetch_binary()` and `Version.fetch_source()` of apt/package.py or in `_fetch_archives()` of apt/cache.py in version 1.9.3ubuntu2 and earlier. | 4.7 |
| 2020-03-24 | CVE-2019-20597 | Improper Verification of Cryptographic Signature vulnerability in Google Android An issue was discovered on Samsung mobile devices with N(7.1), O(8.x), and P(9.0) software. | 9.1 |
| 2020-03-09 | CVE-2020-2146 | Improper Verification of Cryptographic Signature vulnerability in Jenkins mac Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. | 7.4 |
| 2020-02-20 | CVE-2020-9283 | Improper Verification of Cryptographic Signature vulnerability in multiple products golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. | 7.5 |
| 2020-02-19 | CVE-2020-3138 | Improper Verification of Cryptographic Signature vulnerability in Cisco Enterprise Network Function Virtualization Infrastructure A vulnerability in the upgrade component of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to install a malicious file when upgrading. | 6.7 |
| 2020-02-05 | CVE-2020-6174 | Improper Verification of Cryptographic Signature vulnerability in Linuxfoundation the Update Framework TUF (aka The Update Framework) through 0.12.1 has Improper Verification of a Cryptographic Signature. | 9.8 |