Vulnerabilities > Improper Verification of Cryptographic Signature
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-26 | CVE-2018-18653 | Improper Verification of Cryptographic Signature vulnerability in Canonical Ubuntu Linux 18.10 The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. | 7.2 |
| 2018-10-24 | CVE-2018-8955 | Improper Verification of Cryptographic Signature vulnerability in Bitdefender Gravityzone The installer for BitDefender GravityZone relies on an encoded string in a filename to determine the URL for installation metadata, which allows remote attackers to execute arbitrary code by changing the filename while leaving the file's digital signature unchanged. | 7.5 |
| 2018-10-05 | CVE-2018-15374 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XE 16.6.1 A vulnerability in the Image Verification feature of Cisco IOS XE Software could allow an authenticated, local attacker to install a malicious software image or file on an affected device. | 7.2 |
| 2018-09-26 | CVE-2018-16152 | Improper Verification of Cryptographic Signature vulnerability in multiple products In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. | 7.5 |
| 2018-09-26 | CVE-2018-16151 | Improper Verification of Cryptographic Signature vulnerability in multiple products In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data after the encoded algorithm OID during PKCS#1 v1.5 signature verification. | 7.5 |
| 2018-09-26 | CVE-2018-15836 | Improper Verification of Cryptographic Signature vulnerability in Xelerance Openswan In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. | 5.0 |
| 2018-09-18 | CVE-2018-16515 | Improper Verification of Cryptographic Signature vulnerability in multiple products Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation. | 8.8 |
| 2018-08-31 | CVE-2018-7685 | Improper Verification of Cryptographic Signature vulnerability in Opensuse Libzypp The decoupled download and installation steps in libzypp before 17.5.0 could lead to a corrupted RPM being left in the cache, where a later call would not display the corrupted RPM warning and allow installation, a problem caused by malicious warnings only displayed during download. | 7.8 |
| 2018-08-21 | CVE-2018-0501 | Improper Verification of Cryptographic Signature vulnerability in multiple products The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail. | 5.9 |
| 2018-08-07 | CVE-2018-5383 | Improper Verification of Cryptographic Signature vulnerability in multiple products Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. | 4.3 |