Common Weakness Enumeration

CWE-347

Allowed

Improper Verification of Cryptographic Signature

Abstraction: Base · Status: Draft

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

1128 vulnerabilities reference this CWE, most recent first.

GHSA-9955-WG6R-GGM9

Vulnerability from github – Published: 2022-05-14 01:37 – Updated: 2022-05-14 01:37
VLAI
Details

In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponents are being used, a remote attacker can generate purposefully crafted signatures (and put them on X.509 certificates) to induce illegal memory access and crash the verifier.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-16149"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-11-07T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponents are being used, a remote attacker can generate purposefully crafted signatures (and put them on X.509 certificates) to induce illegal memory access and crash the verifier.",
  "id": "GHSA-9955-wg6r-ggm9",
  "modified": "2022-05-14T01:37:56Z",
  "published": "2022-05-14T01:37:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16149"
    },
    {
      "type": "WEB",
      "url": "https://github.com/igrr/axtls-8266/commit/5efe2947ab45e81d84b5f707c51d1c64be52f36c"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/axtls/mailman/message/36459928"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-99G5-79VP-5JV9

Vulnerability from github – Published: 2022-05-13 01:22 – Updated: 2022-05-13 01:22
VLAI
Details

HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that potentially allows execution of arbitrary code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-6318"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-04-11T15:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "HP LaserJet Enterprise printers, HP PageWide Enterprise printers, HP LaserJet Managed printers, HP Officejet Enterprise printers have an insufficient solution bundle signature validation that potentially allows execution of arbitrary code.",
  "id": "GHSA-99g5-79vp-5jv9",
  "modified": "2022-05-13T01:22:45Z",
  "published": "2022-05-13T01:22:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6318"
    },
    {
      "type": "WEB",
      "url": "https://support.hp.com/us-en/document/c06265454"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9FMW-XP57-PHR3

Vulnerability from github – Published: 2022-11-04 12:00 – Updated: 2022-11-05 12:00
VLAI
Details

A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-41666"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-04T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior).",
  "id": "GHSA-9fmw-xp57-phr3",
  "modified": "2022-11-05T12:00:20Z",
  "published": "2022-11-04T12:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41666"
    },
    {
      "type": "WEB",
      "url": "https://www.se.com/ww/en/download/document/SEVD-2022-284-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9G9Q-P8C3-CHFQ

Vulnerability from github – Published: 2025-11-04 03:30 – Updated: 2025-12-17 21:30
VLAI
Details

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.2. An app may be able to access user-sensitive data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-43390"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-04T02:15:45Z",
    "severity": "MODERATE"
  },
  "details": "A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.2. An app may be able to access user-sensitive data.",
  "id": "GHSA-9g9q-p8c3-chfq",
  "modified": "2025-12-17T21:30:33Z",
  "published": "2025-11-04T03:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43390"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125634"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/125635"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9GFF-JCRQ-H3HW

Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-12-06 21:30
VLAI
Details

In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-13101"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-08-24T08:15:00Z",
    "severity": "MODERATE"
  },
  "details": "In OASIS Digital Signature Services (DSS) 1.0, an attacker can control the validation outcome (i.e., trigger either a valid or invalid outcome for a valid or invalid signature) via a crafted XML signature, when the InlineXML option is used. This defeats the expectation of non-repudiation.",
  "id": "GHSA-9gff-jcrq-h3hw",
  "modified": "2022-12-06T21:30:45Z",
  "published": "2022-05-24T17:26:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13101"
    },
    {
      "type": "WEB",
      "url": "https://www.oasis-open.org/apps/org/workgroup/dss-x"
    },
    {
      "type": "WEB",
      "url": "https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=dss-x"
    },
    {
      "type": "WEB",
      "url": "https://www.oasis-open.org/standards#dssv1.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9GXV-X7RP-R2HC

Vulnerability from github – Published: 2024-05-15 21:47 – Updated: 2026-07-16 18:46
VLAI
Summary
gree/jose - "None" Algorithm treated as valid in tokens
Details

Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys (RS256, RS384, RS512, ES256, ES384, ES512).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "gree/jose"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-327",
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-15T21:47:39Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys (RS256, RS384, RS512, ES256, ES384, ES512).",
  "id": "GHSA-9gxv-x7rp-r2hc",
  "modified": "2026-07-16T18:46:45Z",
  "published": "2024-05-15T21:47:39Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries"
    },
    {
      "type": "WEB",
      "url": "https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/gree/jose/2016-08-30.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nov/jose-php"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nov/jose-php/compare/2.2.0...2.2.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "gree/jose - \"None\" Algorithm treated as valid in tokens"
}

GHSA-9H7X-WV5P-55Q4

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31
VLAI
Details

Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-6664"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-25T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.",
  "id": "GHSA-9h7x-wv5p-55q4",
  "modified": "2022-05-13T01:31:58Z",
  "published": "2022-05-13T01:31:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6664"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10233"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10237"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104299"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1040895"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9HRW-RG2R-V3PR

Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2022-05-13 01:48
VLAI
Details

An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-10988"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-05T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered on Diqee Diqee360 devices. A firmware update process, integrated into the firmware, starts at boot and tries to find the update folder on the microSD card. It executes code, without a digital signature, as root from the /mnt/sdcard/$PRO_NAME/upgrade.sh or /sdcard/upgrage_360/upgrade.sh pathname.",
  "id": "GHSA-9hrw-rg2r-v3pr",
  "modified": "2022-05-13T01:48:59Z",
  "published": "2022-05-13T01:48:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10988"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/neolead/a1fadac07373835507705a7d61e638ae#file-cve-2018-10988-txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9J74-VWR9-QF7F

Vulnerability from github – Published: 2022-06-25 00:00 – Updated: 2022-07-06 00:00
VLAI
Details

The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to detect tampering. An attacker could leverage this vulnerability to install malicious code, which could also be spread to other vulnerable ImageCast X devices via removable media.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1739"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-24T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to detect tampering. An attacker could leverage this vulnerability to install malicious code, which could also be spread to other vulnerable ImageCast X devices via removable media.",
  "id": "GHSA-9j74-vwr9-qf7f",
  "modified": "2022-07-06T00:00:29Z",
  "published": "2022-06-25T00:00:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1739"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-154-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-9MCV-R5RJ-7F62

Vulnerability from github – Published: 2022-05-24 19:04 – Updated: 2022-05-24 19:04
VLAI
Details

An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3196"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-347"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-09T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Hitachi ID Bravura Security Fabric 11.0.0 through 11.1.3, 12.0.0 through 12.0.2, and 12.1.0. When using federated identity management (authenticating via SAML through a third-party identity provider), an attacker can inject additional data into a signed SAML response being transmitted to the service provider (ID Bravura Security Fabric). The application successfully validates the signed values but uses the unsigned malicious values. An attacker with lower-privilege access to the application can inject the username of a high-privilege user to impersonate that user.",
  "id": "GHSA-9mcv-r5rj-7f62",
  "modified": "2022-05-24T19:04:33Z",
  "published": "2022-05-24T19:04:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3196"
    },
    {
      "type": "WEB",
      "url": "https://www.hitachi-id.com/cve-2021-3196-attackers-can-impersonate-another-user"
    },
    {
      "type": "WEB",
      "url": "https://www.hitachi.com/hirt/hitachi-sec/2021/601.html"
    },
    {
      "type": "WEB",
      "url": "https://www.hitachi.com/hirt/security/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

No mitigation information available for this CWE.

CAPEC-463: Padding Oracle Crypto Attack

An adversary is able to efficiently decrypt data without knowing the decryption key if a target system leaks data on whether or not a padding error happened while decrypting the ciphertext. A target system that leaks this type of information becomes the padding oracle and an adversary is able to make use of that oracle to efficiently decrypt data without knowing the decryption key by issuing on average 128*b calls to the padding oracle (where b is the number of bytes in the ciphertext block). In addition to performing decryption, an adversary is also able to produce valid ciphertexts (i.e., perform encryption) by using the padding oracle, all without knowing the encryption key.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.