Vulnerabilities > Improper Verification of Cryptographic Signature
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-13 | CVE-2020-5390 | Improper Verification of Cryptographic Signature vulnerability in multiple products PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). | 7.5 |
| 2020-01-02 | CVE-2019-14859 | Improper Verification of Cryptographic Signature vulnerability in multiple products A flaw was found in all python-ecdsa versions before 0.13.3, where it did not correctly verify whether signatures used DER encoding. | 6.4 |
| 2019-12-13 | CVE-2019-16732 | Improper Verification of Cryptographic Signature vulnerability in multiple products Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user. | 9.3 |
| 2019-12-06 | CVE-2012-2092 | Improper Verification of Cryptographic Signature vulnerability in Canonical Ubuntu Cobbler A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature. | 4.3 |
| 2019-12-04 | CVE-2019-16753 | Improper Verification of Cryptographic Signature vulnerability in multiple products An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. | 5.0 |
| 2019-11-26 | CVE-2011-3374 | Improper Verification of Cryptographic Signature vulnerability in Debian Advanced Package Tool and Debian Linux It was found that apt-key in apt, all versions, do not correctly validate gpg keys with the master keyring, leading to a potential man-in-the-middle attack. | 4.3 |
| 2019-11-22 | CVE-2014-3585 | Improper Verification of Cryptographic Signature vulnerability in Redhat Enterprise Linux and Redhat-Upgrade-Tool redhat-upgrade-tool: Does not check GPG signatures when upgrading versions | 9.8 |
| 2019-11-07 | CVE-2019-3465 | Improper Verification of Cryptographic Signature vulnerability in multiple products Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message. | 8.8 |
| 2019-09-30 | CVE-2019-16992 | Improper Verification of Cryptographic Signature vulnerability in Keybase 2.13.2 The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation (that an address at keybase.io can be used for Stellar payments to the user), which might be incompatible with a user's personal position on the semantics of an attestation. | 5.0 |
| 2019-09-27 | CVE-2019-11755 | Improper Verification of Cryptographic Signature vulnerability in Mozilla Thunderbird A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted message. | 5.0 |