Vulnerabilities > Improper Verification of Cryptographic Signature
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-11 | CVE-2018-15586 | Improper Verification of Cryptographic Signature vulnerability in Enigmail Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email. | 6.5 |
| 2019-01-18 | CVE-2018-16042 | Improper Verification of Cryptographic Signature vulnerability in multiple products Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a security bypass vulnerability. | 6.5 |
| 2018-11-28 | CVE-2018-18203 | Improper Verification of Cryptographic Signature vulnerability in Subaru products A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker (with physical access to the vehicle's USB ports) the ability to rewrite the firmware of the head unit. | 6.4 |
| 2018-11-09 | CVE-2018-1842 | Improper Verification of Cryptographic Signature vulnerability in multiple products IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. | 3.6 |
| 2018-11-07 | CVE-2018-16253 | Improper Verification of Cryptographic Signature vulnerability in Axtls Project Axtls In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. | 5.9 |
| 2018-11-07 | CVE-2018-16150 | Improper Verification of Cryptographic Signature vulnerability in Axtls Project Axtls In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. | 5.9 |
| 2018-11-07 | CVE-2018-16149 | Improper Verification of Cryptographic Signature vulnerability in Axtls Project Axtls In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. | 5.9 |
| 2018-10-26 | CVE-2018-18653 | Improper Verification of Cryptographic Signature vulnerability in Canonical Ubuntu Linux 18.10 The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. | 7.8 |
| 2018-10-24 | CVE-2018-8955 | Improper Verification of Cryptographic Signature vulnerability in Bitdefender Gravityzone The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged. | 9.8 |
| 2018-10-05 | CVE-2018-15374 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XE 16.6.1 A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. | 6.7 |