Vulnerabilities > Improper Verification of Cryptographic Signature

DATE CVE VULNERABILITY TITLE RISK
2017-11-20 CVE-2017-11400 Improper Verification of Cryptographic Signature vulnerability in Belden Tofino Xenon Security Appliance Firmware
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00.
local
low complexity
belden CWE-347
7.2
2017-11-16 CVE-2017-16853 Improper Verification of Cryptographic Signature vulnerability in multiple products
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka CPPOST-105.
network
high complexity
shibboleth debian CWE-347
8.1
2017-11-16 CVE-2017-16852 Improper Verification of Cryptographic Signature vulnerability in multiple products
shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity periods, and other checks specific to deployments, aka SSPCPP-763.
network
high complexity
shibboleth debian CWE-347
8.1
2017-10-27 CVE-2017-5066 Improper Verification of Cryptographic Signature vulnerability in multiple products
Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page.
network
low complexity
google redhat CWE-347
6.5
2017-08-20 CVE-2017-12974 Improper Verification of Cryptographic Signature vulnerability in Connect2id Nimbus JOSE+JWT
Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation.
network
low complexity
connect2id CWE-347
7.5
2017-06-30 CVE-2017-10669 Improper Verification of Cryptographic Signature vulnerability in Xoev OSCI Transport Library 1.6/1.6.1
Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET).
network
low complexity
xoev CWE-347
6.4
2017-05-16 CVE-2014-9934 Improper Verification of Cryptographic Signature vulnerability in Google Android
A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding.
network
google CWE-347
critical
9.3
2017-04-02 CVE-2017-2423 Improper Verification of Cryptographic Signature vulnerability in Apple iPhone OS and Mac OS X
An issue was discovered in certain Apple products.
network
low complexity
apple CWE-347
7.5
2017-03-14 CVE-2016-8021 Improper Verification of Cryptographic Signature vulnerability in McAfee VirusScan Enterprise
Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file.
network
mcafee CWE-347
3.5
2014-03-19 CVE-2014-1498 Improper Verification of Cryptographic Signature vulnerability in multiple products
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.
5.0