Vulnerabilities > Improper Verification of Cryptographic Signature
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-02 | CVE-2019-13177 | Improper Verification of Cryptographic Signature vulnerability in Django-Rest-Registration Project Django-Rest-Registration verification.py in django-rest-registration (aka Django REST Registration library) before 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote attackers to spoof the verification process. | 9.8 |
| 2019-06-04 | CVE-2019-5300 | Improper Verification of Cryptographic Signature vulnerability in Huawei products There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. | 6.7 |
| 2019-05-22 | CVE-2019-11841 | Improper Verification of Cryptographic Signature vulnerability in multiple products A message-forgery issue was discovered in crypto/openpgp/clearsign/clearsign.go in supplementary Go cryptography libraries 2019-03-25. | 5.9 |
| 2019-05-21 | CVE-2019-12269 | Improper Verification of Cryptographic Signature vulnerability in Enigmail Enigmail before 2.0.11 allows PGP signature spoofing: for an inline PGP message, an attacker can cause the product to display a "correctly signed" message indication, but display different unauthenticated text. | 7.5 |
| 2019-05-16 | CVE-2019-8338 | Improper Verification of Cryptographic Signature vulnerability in Gpg-Pgp Project Gpg-Pgp 1.0/1.0(9) The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 (9) and earlier, does not verify the status of the signature at all, which allows remote attackers to spoof arbitrary email signatures by crafting a signed email with an invalid signature. | 5.9 |
| 2019-05-16 | CVE-2018-12556 | Improper Verification of Cryptographic Signature vulnerability in Yarnpkg Website 20180605 The signature verification routine in install.sh in yarnpkg/website through 2018-06-05 only verifies that the yarn release is signed by any (arbitrary) key in the local keyring of the user, and does not pin the signature to the yarn release key, which allows remote attackers to sign tampered yarn release packages with their own key. | 5.9 |
| 2019-05-15 | CVE-2019-1813 | Improper Verification of Cryptographic Signature vulnerability in Cisco Nx-Os A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. | 6.7 |
| 2019-05-15 | CVE-2019-1812 | Improper Verification of Cryptographic Signature vulnerability in Cisco Nx-Os A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. | 6.7 |
| 2019-05-15 | CVE-2019-1811 | Improper Verification of Cryptographic Signature vulnerability in Cisco Nx-Os A vulnerability in the Image Signature Verification feature of Cisco NX-OS Software could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. | 6.7 |
| 2019-05-15 | CVE-2019-1810 | Improper Verification of Cryptographic Signature vulnerability in Cisco Nx-Os A vulnerability in the Image Signature Verification feature used in an NX-OS CLI command in Cisco Nexus 3000 Series and 9000 Series Switches could allow an authenticated, local attacker with administrator-level credentials to install a malicious software image on an affected device. | 6.7 |