Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

CVEs (675)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-23460 1Zscaler 1Client Connector Aug 7, 2024 Aug 6, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2.
CVE-2024-23456 1Zscaler 1Client Connector Aug 7, 2024 Aug 6, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with anti-tampering enabled.
CVE-2023-28806 1Zscaler 1Client Connector Aug 7, 2024 Aug 6, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows <4.2.0.190.
CVE-2024-42461 1Elliptic Project 1Elliptic Nov 3, 2025 Aug 2, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.
CVE-2024-42459 1Indutny 1Elliptic Nov 3, 2025 Aug 2, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.
CVE-2024-41258 1Filestash 1Filestash Mar 13, 2025 Jul 31, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack.
CVE-2024-41254 1Litestream 1Litestream Oct 29, 2024 Jul 31, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey() disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack.
CVE-2024-5912 - - Nov 21, 2024 Jul 10, 2024 6.8 MEDIUM· v4 N/A· v3 N/A· v2 An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can...Show more An improper file signature check in Palo Alto Networks Cortex XDR agent may allow an attacker to bypass the Cortex XDR agent's executable blocking capabilities and run untrusted executables on the device. This issue can be leveraged to execute untrusted software without being detected or blocked.Show less
CVE-2024-38069 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 1809+9 more Nov 21, 2024 Jul 9, 2024 N/A· v4 7.0 HIGH· v3 N/A· v2 Windows Enroll Engine Security Feature Bypass Vulnerability
CVE-2024-6580 1Nsoftware 1Ipworks Ssh Sep 26, 2025 Jul 8, 2024 2.3 LOW· v4 6.5 MEDIUM· v3 N/A· v2 The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading a SSH public key or certificate. To be exploitable, an application calling the S...Show more The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path requests when loading a SSH public key or certificate. To be exploitable, an application calling the SFTPServer component must grant user access without verifying the SSH public key or certificate (which would most likely be a separate vulnerability in the calling application). IPWorks SSH versions 22.0.8945 and 24.0.8945 were released to address this condition by blocking all filesystem and network path requests for SSH public keys or certificates.Show less
CVE-2023-34435 2Level1 Realtek 2Rtl819x Jungle Software Development Kit Wbr 6013 Firmware Nov 4, 2025 Jul 8, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network packets can lead to arbitrary firmware update. An attacker can provide a malic...Show more A firmware update vulnerability exists in the boa formUpload functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network packets can lead to arbitrary firmware update. An attacker can provide a malicious file to trigger this vulnerability.Show less
CVE-2024-20892 1Samsung 1Android Nov 21, 2024 Jul 2, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors. User interaction is required for triggering this vulnerability.
CVE-2024-37532 1Ibm 1Websphere Application Server Nov 21, 2024 Jun 20, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: 294721.
CVE-2024-36277 - - Nov 21, 2024 Jun 17, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Improper verification of cryptographic signature issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid signatures.
CVE-2024-21988 1Netapp 1Storagegrid Dec 13, 2024 Jun 14, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic imple...Show more StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic implementation.Show less
CVE-2024-37886 1Nextcloud 1User Oidc Aug 14, 2025 Jun 14, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc...Show more user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.5, 2.0.0, 3.0.0, 4.0.0 or 5.0.0.Show less
CVE-2024-32911 1Google 1Android Nov 21, 2024 Jun 13, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...Show more There is a possible escalation of privilege due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-37568 1Authlib 1Authlib Nov 3, 2025 Jun 9, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CV...Show more lepture Authlib before 1.3.1 has algorithm confusion with asymmetric public keys. Unless an algorithm is specified in a jwt.decode call, HMAC verification is allowed with any asymmetric public key. (This is similar to CVE-2022-29217 and CVE-2024-33663.)Show less
CVE-2024-2451 - - Nov 21, 2024 May 28, 2024 N/A· v4 6.4 MEDIUM· v3 N/A· v2 Improper fingerprint validation in the TeamViewer Client (Full & Host) prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via executable sideloading...Show more Improper fingerprint validation in the TeamViewer Client (Full & Host) prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via executable sideloading.Show less
CVE-2024-1721 - - Nov 21, 2024 May 21, 2024 5.6 MEDIUM· v4 N/A· v3 N/A· v2 Improper Verification of Cryptographic Signature vulnerability in HYPR Passwordless on Windows allows Malicious Software Update.This issue affects HYPR Passwordless: before 9.1.

Previous 1...121314...34 Next