
195 matches found

OSV
added 2009/09/29 11:30 p.m., 10 views

CVE-2009-3474

OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just...

6.5 AI score
Exploits: 0, References: 10

OSV
added 2009/09/29 11:30 p.m., 2 views

DEBIAN-CVE-2009-3476

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute...

9.3 CVSS, 8.1 AI score, 0.04097 EPSS
Exploits: 0, References: 1

OSV
added 2009/09/29 11:30 p.m., 8 views

CVE-2009-3476

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute...

7.8 AI score
Exploits: 0, References: 5

Cvelist
added 2009/09/29 11:0 p.m., 23 views

CVE-2009-3474

OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just...

6.5 AI score, 0.01544 EPSS
Exploits: 0, References: 9

Cvelist
added 2009/09/29 11:0 p.m., 25 views

CVE-2009-3476

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute...

7.8 AI score, 0.04097 EPSS
Exploits: 0, References: 5

CVE
added 2009/09/29 11:0 p.m., 61 views

CVE-2009-3474

OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not enforce a KeyDescriptor Use attribute, allowing a certificate designated for a single purpose (signing or encryption) to be used for both. This weakens the intended...

7.5 CVSS, 6.4 AI score, 0.01544 EPSS
Exploits: 0, References: 9, Affected Software: 3

CVE
added 2009/09/29 11:0 p.m., 65 views

CVE-2009-3476

CVE-2009-3476 affects OpenSAML prior to 1.1.3 when used in Internet2 Shibboleth Service Provider (SP) software 1.3.x before 1.3.4, and XMLTooling prior to 1.2.2 as used in Shibboleth SP 2.x before 2.2.1. Description: a malformed encoded URL may be exploited by remote attackers to cause a denial o...

9.3 CVSS, 7.8 AI score, 0.04097 EPSS
Exploits: 0, References: 5, Affected Software: 2

Debian CVE
added 2009/09/29 11:0 p.m., 24 views

CVE-2009-3474

OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just...

7.5 CVSS, 6.4 AI score, 0.01544 EPSS
Exploits: 0

Debian CVE
added 2009/09/29 11:0 p.m., 24 views

CVE-2009-3476

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute...

9.3 CVSS, 7.6 AI score, 0.04097 EPSS
Exploits: 0

Debian
added 2009/09/29 9:47 p.m., 18 views

[Backports-security-announce] Security update for opemsaml and shibboleth-sp

Russ Allbery uploaded new packages for opensaml and shibboleth-sp which fixed the following security problems: DSA-1896-1 Several vulnerabilities have been discovered in the opensaml and shibboleth-sp packages, as used by Shibboleth 1.x: Chris Ries discovered that decoding a crafted URL leads to ...

2.7 AI score
Exploits: 0

Debian
added 2009/09/29 9:46 p.m., 16 views

[Backports-security-announce] Security update for opemsaml and shibboleth-sp

Russ Allbery uploaded new packages for opensaml and shibboleth-sp which fixed the following security problems: DSA-1896-1 Several vulnerabilities have been discovered in the opensaml and shibboleth-sp packages, as used by Shibboleth 1.x: Chris Ries discovered that decoding a crafted URL leads to ...

6.1 AI score
Exploits: 0

Debian
added 2009/09/28 5:13 a.m., 13 views

[SECURITY] [DSA 1896-1] New Shibboleth 1.x packages fix potential code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1896-1 [email protected] http://www.debian.org/security/ Florian Weimer September 28, 2009 http://www.debian.org/security/faq -...

7.9 AI score
Exploits: 0

securityvulns
added 2009/09/28 12:0 a.m., 31 views

xmltooling / opensaml / Shibboleth multiple security vulnerabilities

Certificates spoofing, memory corruption...

2 AI score
Exploits: 0, References: 2, Affected Software: 1

securityvulns
added 2009/09/28 12:0 a.m., 52 views

[SECURITY] [DSA 1896-1] New Shibboleth 1.x packages fix potential code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1896-1 [email protected] http://www.debian.org/security/ Florian Weimer September 28, 2009 http://www.debian.org/security/faq -...

0.1 AI score
Exploits: 0

OSV
added 2009/09/28 12:0 a.m., 16 views

DSA-1896-1 opensaml shibboleth-sp - potential code execution

Bulletin has no description...

9.3 CVSS, 5.6 AI score, 0.04097 EPSS
Exploits: 0