Vulnerabilities > Improper Verification of Cryptographic Signature
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-25 | CVE-2019-2278 | Improper Verification of Cryptographic Signature vulnerability in Qualcomm products User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SDM660 | 7.8 |
| 2019-07-25 | CVE-2019-1010161 | Improper Verification of Cryptographic Signature vulnerability in Perl-Crypt-Jwt Project Perl-Crypt-Jwt perl-CRYPT-JWT 0.022 and earlier is affected by: Incorrect Access Control. | 9.8 |
| 2019-07-18 | CVE-2019-1010279 | Improper Verification of Cryptographic Signature vulnerability in Oisf Suricata Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. | 7.5 |
| 2019-07-17 | CVE-2019-1010263 | Improper Verification of Cryptographic Signature vulnerability in Perl Crypt::Jwt Project Perl Crypt::Jwt Perl Crypt::JWT prior to 0.023 is affected by: Incorrect Access Control. | 9.8 |
| 2019-07-02 | CVE-2019-13177 | Improper Verification of Cryptographic Signature vulnerability in Django-Rest-Registration Project Django-Rest-Registration verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. | 9.8 |
| 2019-06-04 | CVE-2019-5300 | Improper Verification of Cryptographic Signature vulnerability in Huawei products There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. | 6.7 |
| 2019-05-22 | CVE-2019-11841 | Improper Verification of Cryptographic Signature vulnerability in multiple products A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. | 5.9 |
| 2019-05-21 | CVE-2019-12269 | Improper Verification of Cryptographic Signature vulnerability in Enigmail Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text. | 7.5 |
| 2019-05-16 | CVE-2019-8338 | Improper Verification of Cryptographic Signature vulnerability in Gpg-Pgp Project Gpg-Pgp 1.0/1.0(9) The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 (9) and earlier, does not verify the status of the signature at all, which allows remote attackers to spoof arbitrary email signatures by crafting a signed email with an invalid signature. | 5.9 |
| 2019-05-16 | CVE-2018-12556 | Improper Verification of Cryptographic Signature vulnerability in Yarnpkg Website 20180605 The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only verifies that the yarn release is signed by any (arbitrary) key in the local keyring of the user, and does not pin the signature to the yarn release key, which allows remote attackers to sign tampered yarn release packages with their own key. | 5.9 |