Vulnerabilities > Improper Verification of Cryptographic Signature
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-30 | CVE-2020-7906 | Improper Verification of Cryptographic Signature vulnerability in Jetbrains Rider 2019.3.0 In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. | 7.5 |
| 2020-01-13 | CVE-2020-5390 | Improper Verification of Cryptographic Signature vulnerability in multiple products PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). | 7.5 |
| 2020-01-02 | CVE-2019-14859 | Improper Verification of Cryptographic Signature vulnerability in multiple products A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. | 9.1 |
| 2019-12-25 | CVE-2019-19962 | Improper Verification of Cryptographic Signature vulnerability in Wolfssl wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography. | 7.5 |
| 2019-12-06 | CVE-2012-2092 | Improper Verification of Cryptographic Signature vulnerability in Canonical Ubuntu Cobbler A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature. | 5.9 |
| 2019-12-04 | CVE-2019-16753 | Improper Verification of Cryptographic Signature vulnerability in multiple products An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. | 7.5 |
| 2019-11-26 | CVE-2011-3374 | Improper Verification of Cryptographic Signature vulnerability in Debian Advanced Package Tool and Debian Linux It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. | 3.7 |
| 2019-11-22 | CVE-2014-3585 | Improper Verification of Cryptographic Signature vulnerability in Redhat Enterprise Linux and Redhat-Upgrade-Tool redhat-upgrade-tool: Does not check GPG signatures when upgrading versions | 9.8 |
| 2019-11-07 | CVE-2019-3465 | Improper Verification of Cryptographic Signature vulnerability in multiple products Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message. | 8.8 |
| 2019-09-30 | CVE-2019-16992 | Improper Verification of Cryptographic Signature vulnerability in Keybase 2.13.2 The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be used for Stellar payments to the user), which might be incompatible with a user's personal position on the semantics of an attestation. | 7.5 |