Vulnerabilities > Improper Verification of Cryptographic Signature

DATE CVE VULNERABILITY TITLE RISK
2019-09-27 CVE-2019-11755 Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird
A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message.
network
low complexity
mozilla CWE-347
7.5
2019-09-25 CVE-2019-12662 Improper Verification of Cryptographic Signature vulnerability in Cisco products
A vulnerability in Cisco NX-OS Software and Cisco IOS XE Software could allow an authenticated, local attacker with valid administrator or privilege level 15 credentials to load a virtual service image and bypass signature verification on an affected device.
local
low complexity
cisco CWE-347
6.7
2019-09-25 CVE-2019-12649 Improper Verification of Cryptographic Signature vulnerability in Cisco IOS and IOS XE
A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install and boot a malicious software image or execute unsigned binaries on an affected device.
local
low complexity
cisco CWE-347
6.7
2019-08-26 CVE-2019-15545 Improper Verification of Cryptographic Signature vulnerability in Libp2P
An issue was discovered in the libp2p-core crate before 0.8.1 for Rust.
network
low complexity
libp2p CWE-347
7.5
2019-08-23 CVE-2019-5592 Improper Verification of Cryptographic Signature vulnerability in Fortinet Fortios IPS Engine
Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.
network
high complexity
fortinet CWE-347
5.9
2019-08-22 CVE-2019-9154 Improper Verification of Cryptographic Signature vulnerability in Openpgpjs
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to pass off unsigned data as signed.
network
low complexity
openpgpjs CWE-347
7.5
2019-08-22 CVE-2019-9153 Improper Verification of Cryptographic Signature vulnerability in Openpgpjs
Improper Verification of a Cryptographic Signature in OpenPGP.js <=4.1.2 allows an attacker to forge signed messages by replacing their signatures with a "standalone" or "timestamp" signature.
network
low complexity
openpgpjs CWE-347
7.5
2019-08-14 CVE-2019-10201 Improper Verification of Cryptographic Signature vulnerability in Redhat Keycloak and Single Sign-On
It was found that Keycloak's SAML broker, versions up to 6.0.1, did not verify missing message signatures.
network
low complexity
redhat CWE-347
8.1
2019-08-13 CVE-2019-5299 Improper Verification of Cryptographic Signature vulnerability in Huawei Hima-Al00B Firmware 9.0.0.200(C00E200R2P1)
Huawei mobile phones Hima-AL00B with versions earlier than HMA-AL00C00B175 have a signature verification bypass vulnerability.
local
low complexity
huawei CWE-347
7.8
2019-08-02 CVE-2017-18407 Improper Verification of Cryptographic Signature vulnerability in Cpanel
cPanel before 67.9999.103 does not enforce SSL hostname verification for the support-agreement download (SEC-279).
network
high complexity
cpanel CWE-347
4.8