Vulnerabilities > Improper Verification of Cryptographic Signature
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-28 | CVE-2020-36563 | Improper Verification of Cryptographic Signature vulnerability in Robotsandpencils Go-Saml XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input. | 5.3 |
| 2022-12-22 | CVE-2022-23540 | Improper Verification of Cryptographic Signature vulnerability in Auth0 Jsonwebtoken In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. | 7.6 |
| 2022-12-19 | CVE-2022-47549 | Improper Verification of Cryptographic Signature vulnerability in Linaro Op-Tee An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections. | 6.4 |
| 2022-11-01 | CVE-2022-42793 | Improper Verification of Cryptographic Signature vulnerability in Apple Ipados and Iphone OS An issue in code signature validation was addressed with improved checks. | 5.5 |
| 2022-10-28 | CVE-2022-39366 | Improper Verification of Cryptographic Signature vulnerability in Datahub Project Datahub DataHub is an open-source metadata platform. | 9.8 |
| 2022-10-28 | CVE-2022-3322 | Improper Verification of Cryptographic Signature vulnerability in Cloudflare Warp Mobile Client Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action. | 7.5 |
| 2022-10-13 | CVE-2022-39300 | Improper Verification of Cryptographic Signature vulnerability in Node Saml Project Node Saml node SAML is a SAML 2.0 library based on the SAML implementation of passport-saml. | 8.1 |
| 2022-10-12 | CVE-2022-39299 | Improper Verification of Cryptographic Signature vulnerability in Passport-Saml Project Passport-Saml Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. | 8.1 |
| 2022-10-10 | CVE-2022-20944 | Improper Verification of Cryptographic Signature vulnerability in Cisco IOS XE A vulnerability in the software image verification functionality of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. | 6.8 |
| 2022-10-10 | CVE-2022-42010 | Improper Verification of Cryptographic Signature vulnerability in multiple products An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. | 6.5 |