Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-347 (密码学签名的验证不恰当) — Vulnerability Class 357

357 vulnerabilities classified as CWE-347 (密码学签名的验证不恰当). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2024-34358 TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController — typo3 5.3 Medium2024-05-14
CVE-2023-50228 Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability — Desktop 7.8 -2024-05-03
CVE-2024-32962 XML signature verification bypass due improper verification of signature / signature spoofing — xml-crypto 10.0 Critical2024-05-02
CVE-2024-23480 Insecure MacOS code sign check fallback — Client Connector 7.5 High2024-05-01
CVE-2024-27247 Zoom Desktop Client for macOS - Improper Privilege Management — Zoom Desktop Client for macOS 5.5 Medium2024-04-09
CVE-2024-24694 Zoom Desktop Client for Windows - Improper Privilege Management — Zoom Desktop Client for Windows 5.9 Medium2024-04-09
CVE-2024-26194 Secure Boot Security Feature Bypass Vulnerability — Windows 10 Version 1809 7.4 High2024-04-09
CVE-2024-2307 Osbuild-composer: race condition may disable gpg verification for package repositories 6.1 Medium2024-03-19
CVE-2024-1150 Improper validation of update packages — Inventory Agent 7.8 High2024-02-08
CVE-2024-1149 Improper validation of update packages — Inventory Agent 7.8 High2024-02-08
CVE-2024-21917 Rockwell Automation FactoryTalk® Service Platform Service Token Vulnerability — FactoryTalk® Service Platform 9.8 Critical2024-01-31
CVE-2024-21383 Microsoft Edge (Chromium-based) Spoofing Vulnerability — Microsoft Edge (Chromium-based) 3.3 Low2024-01-26
CVE-2024-23680 AWS Encryption SDK for Java Improper Verification of Cryptographic Signature 8.2 -2024-01-19
CVE-2024-0567 Gnutls: rejects certificate chain with distributed trust 7.5 High2024-01-16
CVE-2023-2030 Improper Verification of Cryptographic Signature in GitLab — GitLab 3.5 Low2024-01-12
CVE-2024-21669 Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC — aries-cloudagent-python 9.9 Critical2024-01-11
CVE-2023-5347 Unauthenticated Firmware Upgrade — JetNet Series 9.8 Critical2024-01-09
CVE-2022-3864 ABB Relion 670 Series 和 Relion 650 Series安全漏洞 — Relion 670/650/SAM600-IO Series 4.5 Medium2024-01-04
CVE-2023-23436 Honor Magic Ui 安全漏洞 — Magic OS 7.3 High2023-12-29
CVE-2023-23435 Honor Magic Ui 安全漏洞 — Magic OS 4.0 Medium2023-12-29
CVE-2023-23433 Honor NTH-AN00 安全漏洞 — NTH-AN00 4.0 Medium2023-12-29
CVE-2023-23431 Honor NTH-AN00 安全漏洞 — NTH-AN00 7.3 High2023-12-29
CVE-2023-23432 Honor NTH-AN00 安全漏洞 — NTH-AN00 7.3 High2023-12-29
CVE-2023-49646 Zoom Client 安全漏洞 — Zoom Clients 6.4 Medium2023-12-13
CVE-2023-41337 h2o vulnerable to TLS session resumption misdirection — h2o 6.1 Medium2023-12-12
CVE-2023-49079 Misskey's missing signature validation allows arbitrary users to impersonate any remote user. — misskey 9.3 Critical2023-11-29
CVE-2023-5747 Command injection via wave install file — PNV-A6081R 7.2 High2023-11-13
CVE-2023-47122 Gitsign's Rekor public keys fetched from upstream API instead of local TUF client. — gitsign 4.2 Medium2023-11-10
CVE-2023-46234 browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack — browserify-sign 6.5 Medium2023-10-26
CVE-2023-28804 Linux ZCC allows unsigned updates, allowing elevated Code Execution — Client Connector 8.2 High2023-10-23

Vulnerabilities classified as CWE-347 (密码学签名的验证不恰当) represent 357 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.