Vulnerabilities > Improper Verification of Cryptographic Signature
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-16 | CVE-2023-28113 | Improper Verification of Cryptographic Signature vulnerability in Russh Project Russh russh is a Rust SSH client and server library. | 5.9 |
| 2023-03-10 | CVE-2022-20929 | Improper Verification of Cryptographic Signature vulnerability in Cisco Enterprise NFV Infrastructure Software A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. | 7.8 |
| 2023-02-28 | CVE-2023-20940 | Improper Verification of Cryptographic Signature vulnerability in Google Android 13.0 In the Android operating system, there is a possible way to replace a boot partition due to improperly used crypto. | 7.8 |
| 2023-02-16 | CVE-2021-43074 | Improper Verification of Cryptographic Signature vulnerability in Fortinet products An improper verification of cryptographic signature vulnerability [CWE-347] in FortiWeb 6.4 all versions, 6.3.16 and below, 6.2 all versions, 6.1 all versions, 6.0 all versions; FortiOS 7.0.3 and below, 6.4.8 and below, 6.2 all versions, 6.0 all versions; FortiSwitch 7.0.3 and below, 6.4.10 and below, 6.2 all versions, 6.0 all versions; FortiProxy 7.0.1 and below, 2.0.7 and below, 1.2 all versions, 1.1 all versions, 1.0 all versions may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter. | 4.3 |
| 2023-02-13 | CVE-2023-25718 | Improper Verification of Cryptographic Signature vulnerability in Connectwise Control 19.3.25270.7185/22.9.10032 In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. | 9.8 |
| 2023-02-06 | CVE-2021-36226 | Improper Verification of Cryptographic Signature vulnerability in Westerndigital MY Cloud OS Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files. | 9.8 |
| 2023-02-03 | CVE-2023-23940 | Improper Verification of Cryptographic Signature vulnerability in Openzeppelin Contracts OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. | 5.3 |
| 2023-02-01 | CVE-2022-34459 | Improper Verification of Cryptographic Signature vulnerability in Dell Alienware Update, Command Update and Update Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. | 7.8 |
| 2023-01-30 | CVE-2022-23334 | Improper Verification of Cryptographic Signature vulnerability in Ip-Label Newtest The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE. | 9.8 |
| 2023-01-20 | CVE-2023-24025 | Improper Verification of Cryptographic Signature vulnerability in Pqclean Project Pqclean CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector. | 7.5 |