12 matches found
SUSE SLES15 Security Update : opensaml (SUSE-SU-2025:01500-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01500-1 advisory. - CVE-2025-31335: Fixed a bug where parameter manipulation allows the forging of signed SAML messages. bsc1239889 Tenable has extracted the...
SUSE SLES12 Security Update : opensaml (SUSE-SU-2025:1501-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1501-1 advisory. - CVE-2025-31335: Fixed parameter manipulation allowing forging signed SAML messages bsc1239889 Tenable has extracted the preceding description block...
K000151066: OpenSAML vulnerability CVE-2025-31335
Security Advisory Description The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures. CVE-2025-31335 Impact There is no impact; F5 products are not affected by this vulnerability. Security...
Debian dla-4093 : libsaml-dev - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4093 advisory. Debian LTS Advisory DLA-4093-1 https://www.debian.org/lts/security/...
Ubuntu: Security Advisory (USN-7364-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : OpenSAML vulnerability (USN-7364-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7364-1 advisory. Alexander Tan discovered that the OpenSAML C++ library was susceptible to forging of signed SAML messages...
USN-7364-1 opensaml vulnerability
Alexander Tan discovered that the OpenSAML C++ library was susceptible to forging of signed SAML messages. An attacker could possibly use this issue to gain unauthorized access to a system and manipulate sensitive information...
USN-7364-1: OpenSAML vulnerability
Alexander Tan discovered that the OpenSAML C++ library was susceptible to forging of signed SAML messages. An attacker could possibly use this issue to gain unauthorized access to a system and manipulate sensitive information...
br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0), br.com.esec.icpm:certillion-client-library-resteasy-plugin (>=1.1.9 <=1.1.10) +870 more potentially affected by CVE-2015-1796 via org.opensaml:opensaml (>=1.1 <=2.6.4)
org.opensaml:opensaml MAVEN version =1.1, =1.1.7, =1.1.9, =1.2.5, =1.2.1, =3.0.0, =12.1.0, =12.1.1, =12.1.2, =12.1.0, =12.1.4, =1.0.83-RC1, =1.0.88-RC1, =1.0.83-RC1, =1.0.112-RELEASE and more Source cves: CVE-2015-1796 Source advisory: OSV:GHSA-78FQ-W796-Q537...
br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0), br.com.esec.icpm:certillion-client-library-resteasy-plugin (>=1.1.9 <=1.1.10) +811 more potentially affected by CVE-2014-3603 via org.opensaml:opensaml (>=1.1 <=2.6.1)
org.opensaml:opensaml MAVEN version =1.1, =1.1.7, =1.1.9, =1.2.5, =1.2.1, =12.1.0, =12.1.1, =12.1.2, =12.1.0, =12.1.4, =1.0.83-RC1, =1.0.88-RC1, =1.0.83-RC1, =1.0.83-RC1, =1.0.112-RELEASE and more Source cves: CVE-2014-3603 Source advisory: OSV:GHSA-RM7V-GQFG-P2WC...
UBUNTU-CVE-2017-16853
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...
CVE-2009-3474
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just...