Lucene search
K

195 matches found

OSV
OSV
added 2015/08/12 2:59 p.m.2 views

UBUNTU-CVE-2015-0851

XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider SP, does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service crash via schema-invalid XML data...

5CVSS7.1AI score0.02444EPSS
Exploits0References4
CVE
CVE
added 2015/08/12 2:0 p.m.90 views

CVE-2015-0851

CVE-2015-0851 affects XMLTooling-C (before 1.5.5) as used in OpenSAML-C and Shibboleth Service Provider. The vulnerability arises from improper handling of integer conversion exceptions, allowing remote attackers to trigger a denial of service (crash) via schema-invalid XML data. Affected compone...

5CVSS7.2AI score0.02444EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2015/08/12 2:0 p.m.37 views

CVE-2015-0851

XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider SP, does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service crash via schema-invalid XML data...

7.2AI score0.02444EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2015/08/12 2:0 p.m.18 views

CVE-2015-0851

XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider SP, does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service crash via schema-invalid XML data...

5CVSS7.1AI score0.02444EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/08/10 12:0 a.m.26 views

Fedora 22 : opensaml-java-2.5.3-9.fc22 / opensaml-java-openws-1.5.5-2.fc22 (2015-10235)

OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...

5.9CVSS6.3AI score0.00844EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2015/08/10 12:0 a.m.32 views

Fedora 21 : opensaml-java-2.5.3-9.fc21 / opensaml-java-openws-1.5.5-2.fc21 (2015-10175)

OpenSAML Java: HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...

5.9CVSS6.3AI score0.00844EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2015/08/08 12:0 a.m.20 views

Fedora Update for opensaml-java FEDORA-2015-10235

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.2AI score0.00844EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2015/08/08 12:0 a.m.24 views

Fedora Update for opensaml-java-openws FEDORA-2015-10235

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.2AI score0.00844EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2015/08/08 12:0 a.m.25 views

Fedora Update for opensaml-java-openws FEDORA-2015-10175

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.2AI score0.00844EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2015/08/08 12:0 a.m.27 views

Fedora Update for opensaml-java FEDORA-2015-10175

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.2AI score0.00844EPSS
Exploits1References2
Fedora
Fedora
added 2015/08/07 1:5 p.m.23 views

[SECURITY] Fedora 22 Update: opensaml-java-2.5.3-9.fc22

OpenSAML is a set of open source C++ & Java libraries meant to support developers working with the Security Assertion Markup Language SAML. OpenSAML 2, the current version, supports SAML 1.0, 1.1, and 2.0...

5.9CVSS2.4AI score0.00844EPSS
Exploits1
Fedora
Fedora
added 2015/08/07 1:4 p.m.23 views

[SECURITY] Fedora 21 Update: opensaml-java-2.5.3-9.fc21

OpenSAML is a set of open source C++ & Java libraries meant to support developers working with the Security Assertion Markup Language SAML. OpenSAML 2, the current version, supports SAML 1.0, 1.1, and 2.0...

5.9CVSS2.4AI score0.00844EPSS
Exploits1
Fedora
Fedora
added 2015/08/07 1:4 p.m.29 views

[SECURITY] Fedora 21 Update: opensaml-java-openws-1.5.5-2.fc21

The OpenWS library provides a growing set of tools to work with web service s at a low level. These tools include classes for creating and reading SOAP messages, transport-independent clients for connecting to web services, and various transports for use with those clients...

5.9CVSS1.7AI score0.00844EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2015/07/27 12:0 a.m.21 views

FreeBSD : shibboleth-sp -- DoS vulnerability (b202e4ce-3114-11e5-aa32-0026551a22dc)

Shibboleth consortium reports : Shibboleth SP software crashes on well-formed but invalid XML. The Service Provider software contains a code path with an uncaught exception that can be triggered by an unauthenticated attacker by supplying well-formed but schema-invalid XML in the form of SAML...

4CVSS5.5AI score0.0195EPSS
Exploits0References3
NVD
NVD
added 2015/07/08 3:59 p.m.23 views

CVE-2015-1796

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java OpenSAML-J before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a...

4.3CVSS8.5AI score0.01256EPSS
Exploits0References4
Prion
Prion
added 2015/07/08 3:59 p.m.19 views

Design/Logic Flaw

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java OpenSAML-J before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a...

4.3CVSS7AI score0.01256EPSS
Exploits0References4Affected Software2
UbuntuCve
UbuntuCve
added 2015/07/08 3:59 p.m.54 views

CVE-2015-1796

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java OpenSAML-J before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a...

4.3CVSS7.1AI score0.01256EPSS
Exploits0References2
Cvelist
Cvelist
added 2015/07/08 3:0 p.m.26 views

CVE-2015-1796

The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java OpenSAML-J before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a...

8.5AI score0.01256EPSS
Exploits0References4
CVE
CVE
added 2015/07/08 3:0 p.m.157 views

CVE-2015-1796

The CVE-2015-1796 issue affects Shibboleth Identity Provider (IdP) and OpenSAML Java where PKIX trust engines can trust candidate X.509 credentials if no trusted names exist for the entityID. This allows remote impersonation via a certificate issued by a shibmd:KeyAuthority trust anchor. Affected...

4.3CVSS8.2AI score0.01256EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2015/07/07 12:0 a.m.31 views

Fedora Update for opensaml-java-xmltooling FEDORA-2015-4726

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS8.7AI score0.07405EPSS
Exploits0References2
Rows per page
Query Builder