Vulnerabilities > Improper Verification of Cryptographic Signature
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-21 | CVE-2018-0501 | Improper Verification of Cryptographic Signature vulnerability in multiple products The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail. | 5.9 |
| 2018-08-07 | CVE-2018-5383 | Improper Verification of Cryptographic Signature vulnerability in multiple products Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. | 6.8 |
| 2018-07-24 | CVE-2018-5387 | Improper Verification of Cryptographic Signature vulnerability in Wizkunde Samlbase Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. | 7.5 |
| 2018-07-11 | CVE-2016-9604 | Improper Verification of Cryptographic Signature vulnerability in Linux Kernel It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. | 4.4 |
| 2018-07-05 | CVE-2018-10988 | Improper Verification of Cryptographic Signature vulnerability in Diqee Diqee360 Firmware An issue was discovered on Diqee Diqee360 devices. | 7.8 |
| 2018-06-26 | CVE-2018-1000539 | Improper Verification of Cryptographic Signature vulnerability in Json-Jwt Project Json-Jwt Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. | 5.3 |
| 2018-06-15 | CVE-2018-12356 | Improper Verification of Cryptographic Signature vulnerability in Simple Password Store Project Simple Password Store 1.7.1 An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. | 9.8 |
| 2018-06-13 | CVE-2018-12019 | Improper Verification of Cryptographic Signature vulnerability in Enigmail The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids. | 7.5 |
| 2018-06-13 | CVE-2018-10407 | Improper Verification of Cryptographic Signature vulnerability in Carbonblack Carbon Black CB An issue was discovered in Carbon Black Cb Response. | 5.5 |
| 2018-06-12 | CVE-2018-10470 | Improper Verification of Cryptographic Signature vulnerability in Objective Development Little Snitch Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. | 5.3 |