Vulnerabilities > Improper Verification of Cryptographic Signature

DATE CVE VULNERABILITY TITLE RISK
2017-10-27 CVE-2017-5066 Improper Verification of Cryptographic Signature vulnerability in multiple products
Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page.
network
low complexity
google redhat CWE-347
6.5
2017-08-20 CVE-2017-12974 Improper Verification of Cryptographic Signature vulnerability in Connect2id Nimbus JOSE+JWT
Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation.
network
low complexity
connect2id CWE-347
7.5
2017-06-30 CVE-2017-10669 Improper Verification of Cryptographic Signature vulnerability in Xoev OSCI Transport Library 1.6/1.6.1
Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET).
network
low complexity
xoev CWE-347
6.5
2017-05-16 CVE-2014-9934 Improper Verification of Cryptographic Signature vulnerability in Google Android
A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding.
local
low complexity
google CWE-347
7.8
2017-04-02 CVE-2017-2423 Improper Verification of Cryptographic Signature vulnerability in Apple Mac OS X
An issue was discovered in certain Apple products.
network
low complexity
apple CWE-347
critical
9.8
2017-03-14 CVE-2016-8021 Improper Verification of Cryptographic Signature vulnerability in McAfee VirusScan Enterprise
Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file.
local
low complexity
mcafee CWE-347
5.0
2013-12-11 CVE-2013-3900 Improper Verification of Cryptographic Signature vulnerability in Microsoft products
Why is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update the Security Updates table and to inform customers that the EnableCertPaddingCheck is available in all currently supported versions of Windows 10 and Windows 11.
network
low complexity
microsoft CWE-347
8.8
2005-07-11 CVE-2005-2182 Improper Verification of Cryptographic Signature vulnerability in Grandstream BT-100 Firmware
Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.
network
low complexity
grandstream CWE-347
7.5
2005-07-11 CVE-2005-2181 Improper Verification of Cryptographic Signature vulnerability in Cisco IP Phone 7940 Firmware and IP Phone 7960 Firmware
Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.
network
low complexity
cisco CWE-347
7.5
2002-12-31 CVE-2002-1796 Improper Verification of Cryptographic Signature vulnerability in HP ChaiVM EZloader
ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services.
local
low complexity
hp CWE-347
7.8