Vulnerabilities > Improper Verification of Cryptographic Signature
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-13 | CVE-2023-25718 | Improper Verification of Cryptographic Signature vulnerability in Connectwise Control 19.3.25270.7185/22.9.10032 In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (different) attacker-controlled executable file. | 9.8 |
| 2023-02-06 | CVE-2021-36226 | Improper Verification of Cryptographic Signature vulnerability in Westerndigital MY Cloud OS Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files. | 9.8 |
| 2023-02-03 | CVE-2023-23940 | Improper Verification of Cryptographic Signature vulnerability in Openzeppelin Contracts OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. | 5.3 |
| 2023-02-01 | CVE-2022-34459 | Improper Verification of Cryptographic Signature vulnerability in Dell Alienware Update, Command Update and Update Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. | 7.8 |
| 2023-01-30 | CVE-2022-23334 | Improper Verification of Cryptographic Signature vulnerability in Ip-Label Newtest The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE. | 9.8 |
| 2023-01-20 | CVE-2023-24025 | Improper Verification of Cryptographic Signature vulnerability in Pqclean Project Pqclean CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector. | 7.5 |
| 2022-12-28 | CVE-2020-36563 | Improper Verification of Cryptographic Signature vulnerability in Robotsandpencils Go-Saml XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input. | 5.3 |
| 2022-12-22 | CVE-2022-23540 | Improper Verification of Cryptographic Signature vulnerability in Auth0 Jsonwebtoken In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. | 7.6 |
| 2022-12-19 | CVE-2022-47549 | Improper Verification of Cryptographic Signature vulnerability in Linaro Op-Tee An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injections. | 6.4 |
| 2022-11-01 | CVE-2022-42793 | Improper Verification of Cryptographic Signature vulnerability in Apple Ipados and Iphone OS An issue in code signature validation was addressed with improved checks. | 5.5 |