25 matches found
CVE-2017-1000433
pysaml2 version 4.4.0 and older accept any password when run with Python optimizations enabled. This allows attackers to log in as any user without knowing their password...
django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +5 more potentially affected by CVE-2017-1000246 via pysaml2 (>=4.0.2 <=4.5.0)
pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =0.16.11, =1.2.1, =12.0.2, =0.6.1, =3.4.8 Source cves: CVE-2017-1000246 Source advisory: OSV:PYSEC-2017-26...
Ubuntu 16.04 LTS : PySAML2 vulnerability (USN-3402-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3402-1 advisory. It was discovered that PySAML2 incorrectly handled certain SAML XML requests and responses. A remote attacker could use this issue to read arbitrary files. Tenabl...
DEBIAN-CVE-2016-10149
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +4 more potentially affected by CVE-2016-10127 via pysaml2 (>=4.0.2 <=4.4.0)
pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =12.0.2, =0.6.1, =3.4.8 Source cves: CVE-2016-10127 Source advisory: OSV:PYSEC-2017-67...