Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

CVEs (676)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-16154 2App Fedoraproject 2\ Fedora Nov 21, 2024 Dec 13, 2021 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass.
CVE-2021-0152 1Intel 15Ac1550 Firmware Ac 3165 FirmwareAc 3168 Firmware+12 more Nov 21, 2024 Nov 17, 2021 N/A· v4 5.5 MEDIUM· v3 2.1 LOW· v2 Improper verification of cryptographic signature in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable denial of...Show more Improper verification of cryptographic signature in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable denial of service via local access.Show less
CVE-2021-34420 1Zoom 1Zoom Client For Meetings Nov 21, 2024 Nov 11, 2021 N/A· v4 7.4 HIGH· v3 4.3 MEDIUM· v2 The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious soft...Show more The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer’s computer.Show less
CVE-2021-43572 1Starkbank 1Ecdsa Python Nov 21, 2024 Nov 9, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messag...Show more The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.Show less
CVE-2021-43571 1Starkbank 1Ecdsa Node Nov 21, 2024 Nov 9, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
CVE-2021-43570 1Starkbank 1Ecdsa Java Nov 21, 2024 Nov 9, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
CVE-2021-43569 1Starkbank 1Ecdsa Dotnet Nov 21, 2024 Nov 9, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
CVE-2021-43568 1Starkbank 1Elixir Ecdsa Nov 21, 2024 Nov 9, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
CVE-2021-39909 1Gitlab 1Gitlab Nov 21, 2024 Nov 5, 2021 N/A· v4 5.3 MEDIUM· v3 3.5 LOW· v2 Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 bef...Show more Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows an attacker to bypass CODEOWNERS Merge Request approval requirement under rare circumstancesShow less
CVE-2021-37127 1Huawei 2Imanager Neteco 6000 Firmware Imanager Neteco Firmware Nov 21, 2024 Oct 27, 2021 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the f...Show more There is a signature management vulnerability in some huawei products. An attacker can forge signature and bypass the signature check. During firmware update process, successful exploit this vulnerability can cause the forged system file overwrite the correct system file. Affected product versions include:iManager NetEco V600R010C00CP2001,V600R010C00CP2002,V600R010C00SPC100,V600R010C00SPC110,V600R010C00SPC120,V600R010C00SPC200,V600R010C00SPC210,V600R010C00SPC300;iManager NetEco 6000 V600R009C00SPC100,V600R009C00SPC110,V600R009C00SPC120,V600R009C00SPC190,V600R009C00SPC200,V600R009C00SPC201,V600R009C00SPC202,V600R009C00SPC210.Show less
CVE-2021-41832 1Apache 1Openoffice Nov 21, 2024 Oct 11, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-...Show more It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory.Show less
CVE-2021-41831 1Apache 1Openoffice Nov 21, 2024 Oct 11, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the Libre...Show more It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory.Show less
CVE-2021-41830 1Apache 1Openoffice Nov 21, 2024 Oct 11, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11...Show more It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory.Show less
CVE-2021-29108 1Esri 1Portal For Arcgis Nov 21, 2024 Oct 1, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to intercept and modify a SAML...Show more There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account (XML Signature Wrapping Attack). In addition patching, Esri also strongly recommends as best practice for SAML assertions to be signed and encrypted.Show less
CVE-2021-37927 1Zohocorp 1Manageengine Admanager Plus Nov 21, 2024 Sep 22, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Zoho ManageEngine ADManager Plus version 7110 and prior allows account takeover via SSO.
CVE-2021-31847 1Mcafee 1Agent Nov 21, 2024 Sep 22, 2021 N/A· v4 7.8 HIGH· v3 6.9 MEDIUM· v2 Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation...Show more Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature.Show less
CVE-2021-31841 1Mcafee 1Mcafee Agent Nov 21, 2024 Sep 22, 2021 N/A· v4 7.3 HIGH· v3 6.9 MEDIUM· v2 A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would res...Show more A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature.Show less
CVE-2021-34709 1Cisco 1Ios Xr Nov 21, 2024 Sep 9, 2021 N/A· v4 6.4 MEDIUM· v3 6.9 MEDIUM· v2 Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series...Show more Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.Show less
CVE-2021-34708 1Cisco 1Ios Xr Nov 21, 2024 Sep 9, 2021 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series...Show more Multiple vulnerabilities in image verification checks of Cisco Network Convergence System (NCS) 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for Cisco 8000 Series Routers could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.Show less
CVE-2021-3051 1Paloaltonetworks 1Cortex Xsoar Nov 21, 2024 Sep 8, 2021 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to...Show more An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR SAML authentication that enables an unauthenticated network-based attacker with specific knowledge of the Cortex XSOAR instance to access protected resources and perform unauthorized actions on the Cortex XSOAR server. This issue impacts: Cortex XSOAR 5.5.0 builds earlier than 1578677; Cortex XSOAR 6.0.2 builds earlier than 1576452; Cortex XSOAR 6.1.0 builds earlier than 1578663; Cortex XSOAR 6.2.0 builds earlier than 1578666. All Cortex XSOAR instances hosted by Palo Alto Networks are protected from this vulnerability; no additional action is required for these instances.Show less

Previous 1...212223...34 Next