13 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-3465
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML...
CVE-2019-3465
creationtimestamp | type | source
---|---|---
2023-12-10 16:50:34+00:00 | seen | https://t.me/arpsyndicate/1658
2024-02-05 17:22:39+00:00 | seen | https://t.me/ctinow/179365...
Fedora 30 : php-robrichards-xmlseclibs1 (2020-1b95d7a131)
1.4.3 12, Nov 2019 Security Improvements : - Ensure only a single SignedInfo element exists within a signature during verification. Refs CVE-2019-3465. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...
Fedora 31 : php-robrichards-xmlseclibs1 (2020-46d0f456a9)
1.4.3 12, Nov 2019 Security Improvements : - Ensure only a single SignedInfo element exists within a signature during verification. Refs CVE-2019-3465. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...
Fedora: Security Advisory for php-robrichards-xmlseclibs1 (FEDORA-2020-1b95d7a131)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora Update for php-robrichards-xmlseclibs3 FEDORA-2019-ec8719a21c
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 29 : php-robrichards-xmlseclibs3 (2019-be01267416)
3.0.4 CVE-2019-3465 / https://simplesamlphp.org/security/201911-01 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 31 : php-robrichards-xmlseclibs3 (2019-9a960c8a98)
3.0.4 CVE-2019-3465 / https://simplesamlphp.org/security/201911-01 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 30 : php-robrichards-xmlseclibs3 (2019-ec8719a21c)
3.0.4 CVE-2019-3465 / https://simplesamlphp.org/security/201911-01 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 31 : php-robrichards-xmlseclibs (2019-73d0fe1d15)
2.1.1 CVE-2019-3465 / https://simplesamlphp.org/security/201911-01 2.1.0 Backports changes from 3.0 branch Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...
CVE-2019-3465
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...
CVE-2019-3465
CVE-2019-3465 affects Rob Richards XmlSecLibs (all versions before 3.0.3) used by SimpleSAMLphp, where XML signature validation is incorrect. An authenticated attacker can impersonate others or elevate privileges via crafted XML messages. The issue is mitigated by upgrading XmlSecLibs to v3.0.3 o...
[SECURITY] [DLA 1983-1] simplesamlphp security update
Package : simplesamlphp Version : 1.13.1-2+deb8u3 CVE ID : CVE-2019-3465 Debian Bug : 944107 It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages. For Debian 8 "Jessie", this problem has been...