Vulnerabilities > Improper Verification of Cryptographic Signature
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-24 | CVE-2018-5387 | Improper Verification of Cryptographic Signature vulnerability in Wizkunde Samlbase Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. | 5.0 |
| 2018-07-11 | CVE-2016-9604 | Improper Verification of Cryptographic Signature vulnerability in Linux Kernel It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. | 4.4 |
| 2018-07-05 | CVE-2018-10988 | Improper Verification of Cryptographic Signature vulnerability in Diqee Diqee360 Firmware An issue was discovered on Diqee Diqee360 devices. | 7.2 |
| 2018-06-26 | CVE-2018-1000539 | Improper Verification of Cryptographic Signature vulnerability in Json-Jwt Project Json-Jwt Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. | 5.0 |
| 2018-06-15 | CVE-2018-12356 | Improper Verification of Cryptographic Signature vulnerability in Simple Password Store Project Simple Password Store An issue was discovered in password-store.sh in pass in Simple Password Store 1.7.x before 1.7.2. | 7.5 |
| 2018-06-13 | CVE-2018-12019 | Improper Verification of Cryptographic Signature vulnerability in Enigmail The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids. | 5.0 |
| 2018-06-13 | CVE-2018-10407 | Improper Verification of Cryptographic Signature vulnerability in Carbonblack Carbon Black CB An issue was discovered in Carbon Black Cb Response. | 4.3 |
| 2018-06-12 | CVE-2018-10470 | Improper Verification of Cryptographic Signature vulnerability in Objective Development Little Snitch Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. | 5.3 |
| 2018-06-04 | CVE-2017-16005 | Improper Verification of Cryptographic Signature vulnerability in Joyent Http-Signature Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". | 5.0 |
| 2018-06-04 | CVE-2016-1000342 | Improper Verification of Cryptographic Signature vulnerability in multiple products In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. | 5.0 |