Vulnerabilities > Improper Verification of Cryptographic Signature
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-26 | CVE-2018-1000539 | Improper Verification of Cryptographic Signature vulnerability in Json-Jwt Project Json-Jwt Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. | 5.3 |
| 2018-06-15 | CVE-2018-12356 | Improper Verification of Cryptographic Signature vulnerability in Simple Password Store Project Simple Password Store 1.7.1 An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. | 9.8 |
| 2018-06-13 | CVE-2018-12019 | Improper Verification of Cryptographic Signature vulnerability in Enigmail The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids. | 7.5 |
| 2018-06-13 | CVE-2018-10407 | Improper Verification of Cryptographic Signature vulnerability in Carbonblack Carbon Black CB An issue was discovered in Carbon Black Cb Response. | 5.5 |
| 2018-06-12 | CVE-2018-10470 | Improper Verification of Cryptographic Signature vulnerability in Objective Development Little Snitch Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. | 5.3 |
| 2018-06-04 | CVE-2017-16005 | Improper Verification of Cryptographic Signature vulnerability in Joyent Http-Signature Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". | 7.5 |
| 2018-06-04 | CVE-2016-1000342 | Improper Verification of Cryptographic Signature vulnerability in multiple products In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. | 7.5 |
| 2018-06-01 | CVE-2016-1000338 | Improper Verification of Cryptographic Signature vulnerability in multiple products In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. | 7.5 |
| 2018-06-01 | CVE-2018-3756 | Improper Verification of Cryptographic Signature vulnerability in Hyperledger Iroha 1.0/1.0.0 Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures. | 7.5 |
| 2018-05-25 | CVE-2018-6664 | Improper Verification of Cryptographic Signature vulnerability in Mcafee Data Loss Prevention Endpoint Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility. | 8.8 |