Weaknesses of type CWE-347

471 results

CVE-2017-15090—An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signaturEPSS 0.6%CVE-2024-47943CRITICALImproper signature verification of firmware upgrade filesEPSS 0.6%CVE-2021-32977HIGHAVEVA System Platform Improper Verification of Cryptographic SignatureEPSS 0.6%CVE-2024-42461MEDIUMIn the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed.EPSS 0.6%CVE-2025-47934HIGHOpenPGP.js's message signature verification can be spoofedEPSS 0.6%CVE-2020-3308MEDIUMCisco Firepower Threat Defense Software Signature Verification Bypass VulnerabilityEPSS 0.6%CVE-2022-39300HIGHSignature bypass via multiple root elements in node-SAMLEPSS 0.6%CVE-2021-29500HIGHMissing validation of JWT signatureEPSS 0.6%CVE-2023-28610CRITICALThe update process in OMICRON StationGuard and OMICRON StationScout before 2.21 can be exploited by providing a modified firmware update imaEPSS 0.6%CVE-2023-22742MEDIUMlibgit2 fails to verify SSH keys by defaultEPSS 0.6%CVE-2019-10136MEDIUMIt was found that Spacewalk, all versions through 2.9, did not safely compute client token checksums. An attacker with a valid, but expired,EPSS 0.6%CVE-2024-13990CRITICALMicroWorld eScan AV Insecure Update Mechanism Allows Man-in-the-Middle Replacement of UpdatesEPSS 0.6%CVE-2025-9485CRITICALOAuth Single Sign On – SSO (OAuth Client) <= 6.26.12 - Authentication Bypass via get_resource_owner_from_id_token()EPSS 0.6%CVE-2021-3051HIGHCortex XSOAR: Authentication Bypass in SAML AuthenticationEPSS 0.6%CVE-2023-5747HIGHCommand injection via wave install fileEPSS 0.6%CVE-2024-48948MEDIUMThe Elliptic package 6.5.7 for Node.js, in its for ECDSA implementation, does not correctly verify valid signatures if the hash contains at EPSS 0.6%CVE-2022-35929HIGHFalse positive signature verification in cosignEPSS 0.5%CVE-2026-4115MEDIUMPuTTY Ed25519 Signature ecc-ssh.c eddsa_verify signature verificationEPSS 0.5%CVE-2022-23334CRITICALThe Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackersEPSS 0.5%CVE-2023-24025HIGHCRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signaEPSS 0.5%

← previouspage 6 / 24next →