Vulnerabilities > Improper Verification of Cryptographic Signature
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-10 | CVE-2023-47122 | Improper Verification of Cryptographic Signature vulnerability in Sigstore Gitsign 0.6.0/0.7.0/0.7.1 Gitsign is software for keyless Git signing using Sigstore. | 5.3 |
| 2023-10-27 | CVE-2023-34058 | Improper Verification of Cryptographic Signature vulnerability in multiple products VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | 7.5 |
| 2023-10-26 | CVE-2023-46234 | Improper Verification of Cryptographic Signature vulnerability in multiple products browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. | 7.5 |
| 2023-10-23 | CVE-2023-28796 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1 Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. | 7.8 |
| 2023-10-23 | CVE-2023-28804 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105 | 5.3 |
| 2023-10-23 | CVE-2023-46324 | Improper Verification of Cryptographic Signature vulnerability in Free5Gc UDM pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. | 7.5 |
| 2023-10-10 | CVE-2023-43611 | Improper Verification of Cryptographic Signature vulnerability in F5 products The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 7.8 |
| 2023-09-27 | CVE-2023-43660 | Improper Verification of Cryptographic Signature vulnerability in Warpgate Project Warpgate Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. | 8.1 |
| 2023-09-22 | CVE-2023-42811 | Improper Verification of Cryptographic Signature vulnerability in multiple products aes-gcm is a pure Rust implementation of the AES-GCM. | 5.5 |
| 2023-09-21 | CVE-2023-42806 | Improper Verification of Cryptographic Signature vulnerability in Iohk Hydra Hydra is the layer-two scalability solution for Cardano. | 6.5 |