VYPR

CWE-347

Improper Verification of Cryptographic Signature

Base · Draft

Description

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-463 · CAPEC-475

CVEs mapped to this weakness (357)

  • CVE-2015-9258 · High · Mar 31, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an…

  • CVE-2018-7644 · High · Mar 5, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid,…

  • CVE-2017-17848 · High · Dec 27, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    An issue was discovered in Enigmail before 1.9.9. In a variant of CVE-2017-17847, signature spoofing is possible for multipart/related messages because a signed message part can be referenced with a cid: URI but not actually displayed. In other words, the entire containing…

  • CVE-2017-17847 · High · Dec 27, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message…

  • CVE-2017-12974 · High · Aug 20, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation.

  • CVE-2005-2182 · High · Jul 11, 2005
    risk 0.49 · cvss 7.5 · epss 0.01

    Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.

  • CVE-2005-2181 · High · Jul 11, 2005
    risk 0.49 · cvss 7.5 · epss 0.01

    Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such as the "Messages waiting" message.

  • CVE-2002-1706 · High · Dec 31, 2002
    risk 0.49 · cvss 7.5 · epss 0.01

    Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7100 series Universal Broadband Routers allows remote attackers to modify Data Over Cable Service Interface Specification (DOCSIS) settings via a DOCSIS file without a Message Integrity Check (MIC) signature,…

  • CVE-2026-47201 · High · Jun 2, 2026
    risk 0.48 · cvss 8.5 · epss 0.00

    authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a…

  • CVE-2026-0265 · High · May 13, 2026
    risk 0.47 · cvss · epss 0.00

    An authentication bypass vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to bypass authentication controls when Cloud Authentication Service (CAS) is enabled. The risk is higher if CAS is enabled on the management…

  • CVE-2026-6328 · High · Apr 15, 2026
    risk 0.47 · cvss · epss 0.00

    Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame handler modules) allows Protocol Manipulation. This issue affects XQUIC: through…

  • CVE-2026-24032 · High · Apr 14, 2026
    risk 0.47 · cvss 7.3 · epss 0.00

    A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in the UMC component. This could allow an unauthenticated remote attacker to bypass…

  • CVE-2026-0234 · High · Apr 13, 2026
    risk 0.47 · cvss · epss 0.00

    An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access and modify protected resources.

  • CVE-2025-12006 · High · Jan 16, 2026
    risk 0.47 · cvss 7.2 · epss 0.00

    There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F. An attacker can update the system firmware with a specially crafted image.

  • CVE-2025-58356 · High · Oct 27, 2025
    risk 0.47 · cvss · epss 0.00

    Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function crypt_activate_by_passphrase. If the VM is successful in opening…

  • CVE-2025-7937 · High · Sep 19, 2025
    risk 0.47 · cvss 7.2 · epss 0.00

    There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW. An attacker can update the system firmware with a specially crafted image.

  • CVE-2025-6198 · High · Sep 19, 2025
    risk 0.47 · cvss 7.2 · epss 0.00

    There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image.

  • CVE-2024-10237 · High · Feb 4, 2025
    risk 0.47 · cvss 7.2 · epss 0.00

    There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD-X12DPG-OA6. An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process.

  • CVE-2024-56161 · High · Feb 3, 2025
    risk 0.47 · cvss 7.2 · epss 0.01

    Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.

  • CVE-2024-8531 · High · Oct 11, 2024
    risk 0.47 · cvss 7.2 · epss 0.00

    CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root.