201 matches found

PyPA (added 2020/01/13 7:15 p.m.; 4 views)

PYSEC-2020-94

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature...

CVSS 7.5 · AI score 6.8 · EPSS 0.01207
Exploits 0 · References 9 · Affected software 1
Prion (added 2020/01/13 7:15 p.m.; 10 views)

Information disclosure

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature...

CVSS 5 · AI score 7.4 · EPSS 0.01207
Exploits 0 · References 8 · Affected software 3
vulnersOsv (added 2020/01/13 7:15 p.m.; 8 views)

django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +6 more potentially affected by CVE-2020-5390 via pysaml2 (>=4.0.2 <=4.8.0)

pysaml2 PyPI version =4.0.2, =1.0.2, =1.0.0, =0.16.11, =1.1.1, =12.0.2, =0.100.2, =0.6.1, =3.4.8. Source CVEs: CVE-2020-5390. Source advisory: OSV:PYSEC-2020-94...

CVSS 7.5 · AI score 7.1 · EPSS 0.01207
Exploits 0
OSV (added 2020/01/13 7:15 p.m.; 23 views)

PYSEC-2020-94

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature...

CVSS 7.5 · AI score 1.7 · EPSS 0.01207
Exploits 0 · References 9
Debian CVE (added 2020/01/13 6:11 p.m.; 17 views)

CVE-2020-5390

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature...

CVSS 7.5 · AI score 7.6 · EPSS 0.01207
Exploits 0
Cvelist (added 2020/01/13 6:11 p.m.; 18 views)

CVE-2020-5390

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature...

AI score 7.4 · EPSS 0.01207
Exploits 0 · References 8
CVE (added 2020/01/13 6:11 p.m.; 162 views)

CVE-2020-5390

CVE-2020-5390 affects PySAML2 prior to 5.0.0 where SAML signature enveloping is not checked, enabling XML Signature Wrapping (XSW) and causing the verification to succeed while using the wrong data (e.g., assertions). The connected documents indicate a fix is available: PySAML2 patch CVE-2020-539...

CVSS 7.5 · AI score 7.3 · EPSS 0.01207
Exploits 0 · References 8 · Affected software 1
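What "enveloped" buys you, as an added example that is mine and not pysaml2's code: an IdP signs an Assertion so that the Signature sits inside the element its Reference points at; a service provider that verifies whichever signature it finds and then reads the first Assertion in the document can be fed a forged, unsigned Assertion next to the genuine signed one, which is the wrong-data outcome described above. The example substitutes an HMAC for XMLDSig and uses namespace-free, whitespace-free XML so plain serialization stands in for canonicalization; `IDP_KEY`, the element names and the `wrap_assertion` transformation are constructed. It goes slightly beyond the advisory text: besides requiring the Signature to be a child of the element it references, it also requires that element to be the Response's own Assertion and reads the subject only from the signed element.

```python
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed stand-in for the IdP signing key. Real SAML uses XMLDSig (RSA/ECDSA);
# an HMAC keeps the example stdlib-only, the wrapping logic is identical.
IDP_KEY = b"constructed-idp-key"


def _signed_bytes(elem):
    """Serialize an element with its Signature child removed (toy canonicalization;
    no namespaces or whitespace, so plain serialization is stable)."""
    clone = copy.deepcopy(elem)
    for sig in clone.findall("Signature"):
        clone.remove(sig)
    return ET.tostring(clone)


def sign_enveloped(elem, key=IDP_KEY):
    """Add an enveloped signature: <Signature> becomes a child of the element it
    signs and its Reference URI points at that element's ID."""
    mac = hmac.new(key, _signed_bytes(elem), hashlib.sha256).hexdigest()
    sig = ET.SubElement(elem, "Signature")
    ref = ET.SubElement(ET.SubElement(sig, "SignedInfo"), "Reference")
    ref.set("URI", "#" + elem.get("ID"))
    ET.SubElement(sig, "SignatureValue").text = mac


def build_response(subject, key=IDP_KEY):
    """Constructed IdP response carrying one signed Assertion."""
    root = ET.Element("Response")
    assertion = ET.SubElement(root, "Assertion", ID="_a1")
    ET.SubElement(assertion, "Subject").text = subject
    sign_enveloped(assertion, key)
    return ET.tostring(root)


def wrap_assertion(response, forged_subject):
    """Attacker's XSW step: keep the signed Assertion (moved into a wrapper so its
    signature still verifies) and place an unsigned forged Assertion first."""
    root = ET.fromstring(response)
    original = root.find("Assertion")
    root.remove(original)
    forged = ET.SubElement(root, "Assertion", ID="_forged")
    ET.SubElement(forged, "Subject").text = forged_subject
    ET.SubElement(root, "Extensions").append(original)
    return ET.tostring(root)


def _verify(root, sig, key):
    """Resolve the Reference URI and check the MAC; return the signed element."""
    ref_id = sig.find("SignedInfo/Reference").get("URI").lstrip("#")
    targets = [e for e in root.iter() if e.get("ID") == ref_id]
    if len(targets) != 1:
        raise ValueError("referenced ID is missing or not unique")
    target = targets[0]
    expected = hmac.new(key, _signed_bytes(target), hashlib.sha256).hexdigest()
    actual = sig.findtext("SignatureValue") or ""
    if not hmac.compare_digest(expected.encode(), actual.encode()):
        raise ValueError("signature does not verify")
    return target


def vulnerable_subject(response, key=IDP_KEY):
    """The CVE-2020-5390 pattern: verify *some* signature, then read the first
    Assertion in document order, which need not be the one that was signed."""
    root = ET.fromstring(response)
    _verify(root, root.find(".//Signature"), key)
    return root.find(".//Assertion").findtext("Subject")


def hardened_subject(response, key=IDP_KEY):
    """Require an enveloped signature (Signature is a child of the element it
    references), require that element to be the Response's Assertion, and read
    the subject only from that signed element."""
    root = ET.fromstring(response)
    parent = {child: p for p in root.iter() for child in p}
    sig = root.find(".//Signature")
    if sig is None:
        raise ValueError("no signature present")
    target = _verify(root, sig, key)
    if parent.get(sig) is not target:
        raise ValueError("signature is not enveloped by the element it signs")
    if target.tag != "Assertion" or parent.get(target) is not root:
        raise ValueError("signed element is not the Response's Assertion")
    return target.findtext("Subject")
```

Run `vulnerable_subject(wrap_assertion(build_response("alice"), "admin"))` and the forged subject comes back although only alice's assertion was ever signed; `hardened_subject` rejects the same document, and both functions reject a response whose signed content was tampered with.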
Positive Technologies (added 2020/01/09 12:00 a.m.; 4 views)

PT-2020-5164 · Pysaml2 +2

Vulnerable software and affected versions: PySAML2 versions prior to 5.0.0. Description: the issue is related to incorrect verification of cryptographic signatures in SAML2 documents, allowing a remote attacker to bypass signature checks and access protected information. This is due to...

CVSS 9.8 · AI score 6.8 · EPSS 0.99856
Exploits 30 · References 142
OSV (added 2019/10/15 12:46 p.m.; 12 views)

SUSE-SU-2019:2671-1 Security update for crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer

This update for crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer fixes the following issues: In python-pysaml2 the followin...

CVSS 9.8 · AI score 8.4 · EPSS 0.64284
Exploits 1 · References 43
Veracode (added 2019/01/15 9:16 a.m.; 15 views)

XML External Entity (XXE)

PySAML2 is vulnerable to XML External Entity (XXE) attacks. The vulnerability allows remote malicious users to read arbitrary files using a SAML XML request or response as the injection vector for the XXE attack...

CVSS 7.5 · AI score 7.7 · EPSS 0.0386
Exploits 0 · References 2 · Affected software 1
OpenVAS (added 2018/10/26 12:00 a.m.; 17 views)

Ubuntu: Security Advisory (USN-3520-1)

The remote host is missing an update for the referenced Ubuntu advisory (USN-3520-1). (Plugin text: SPDX-FileCopyrightText 2018 Greenbone AG; some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders; SPDX-License-Identifier: GPL-2.0-only.) ...

CVSS 8.1 · AI score 7.2 · EPSS 0.0252
Exploits 0 · References 2
OpenVAS (added 2018/10/26 12:00 a.m.; 84 views)

Ubuntu: Security Advisory (USN-3402-1)

The remote host is missing an update for the referenced Ubuntu advisory (USN-3402-1). (Plugin text: SPDX-FileCopyrightText 2018 Greenbone AG; some text descriptions might be excerpted from referenced sources and are Copyright (C) the respective right holders; SPDX-License-Identifier: GPL-2.0-only.) ...

CVSS 7.5 · AI score 7.5 · EPSS 0.0386
Exploits 0 · References 2
Github Security Blog (added 2018/07/16 4:50 p.m.; 19 views)

Pysaml2 improperly initializes encryption vector

Python package pysaml2 version 4.5.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

CVSS 5.3 · AI score 5.5 · EPSS 0.00905
Exploits 0 · References 5 · Affected software 1
vulnersOsv (added 2018/07/16 4:50 p.m.; 2 views)

django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +5 more potentially affected by CVE-2017-1000246 via pysaml2 (>=4.0.2 <=4.5.0)

pysaml2 PyPI version =4.0.2, =1.0.2, =1.0.0, =0.16.11, =1.2.1, =12.0.2, =0.6.1, =3.4.8. Source CVEs: CVE-2017-1000246. Source advisory: OSV:GHSA-CQ94-QF6Q-MF2H...

CVSS 5.3 · AI score 6.7 · EPSS 0.00905
Exploits 0
vulnersOsv (added 2018/07/16 4:50 p.m.; 3 views)

django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +4 more potentially affected by CVE-2016-10149 via pysaml2 (>=4.0.2 <=4.4.0)

pysaml2 PyPI version =4.0.2, =1.0.2, =1.0.0, =12.0.2, =0.6.1, =3.4.8. Source CVEs: CVE-2016-10149. Source advisory: OSV:GHSA-C2VX-49JM-H3F6...

CVSS 7.5 · AI score 6.6 · EPSS 0.0386
Exploits 0
Github Security Blog (added 2018/07/16 4:50 p.m.; 21 views)

Pysaml2 does not sanitize XML responses

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...

CVSS 7.5 · AI score 6.7 · EPSS 0.0386
Exploits 0 · References 12 · Affected software 1
OSV (added 2018/07/16 4:50 p.m.; 18 views)

GHSA-C2VX-49JM-H3F6 Pysaml2 does not sanitize XML responses

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...

CVSS 8.7 · AI score 7.3 · EPSS 0.0386
Exploits 0 · References 13
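The project's own fix for the XXE entries above is not shown on this page; what follows is an added example (mine, not pysaml2's code) of the parser-side control the advisory implies: refuse any DTD before an entity can be declared or resolved. `BENIGN`, `XXE` and `LAUGHS` are constructed SAML-shaped messages. Python's xml.etree does not fetch external entities by itself, but it does expand internal entities declared in an attacker-supplied DTD, so `naive_subject` shows the hostile DTD still being honoured while `safe_subject` aborts at the DOCTYPE.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat

# Constructed samples (not from the advisory): a benign response, an XXE payload
# pointing an entity at a local file, and a four-level internal-entity
# amplification that turns a 4-byte value into 1024 characters.
BENIGN = b'<Response><Assertion ID="_a1"><Subject>alice</Subject></Assertion></Response>'
XXE = (b'<!DOCTYPE Response [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
       b'<Response><Assertion ID="_a1"><Subject>&xxe;</Subject></Assertion></Response>')
LAUGHS = (b'<!DOCTYPE Response [<!ENTITY e0 "aaaa">'
          b'<!ENTITY e1 "&e0;&e0;&e0;&e0;"><!ENTITY e2 "&e1;&e1;&e1;&e1;">'
          b'<!ENTITY e3 "&e2;&e2;&e2;&e2;"><!ENTITY e4 "&e3;&e3;&e3;&e3;">]>'
          b'<Response><Assertion ID="_a1"><Subject>&e4;</Subject></Assertion></Response>')


class UnsafeXML(ValueError):
    """The message carries a DTD, an entity declaration or an external entity reference."""


def naive_subject(xml_bytes):
    """Plain xml.etree: it does not fetch external entities, but it honours the
    attacker's DTD and expands internal entities, so the Subject can be inflated
    or rewritten by DTD content the IdP never sent."""
    return ET.fromstring(xml_bytes).findtext("Assertion/Subject")


def safe_subject(xml_bytes):
    """Parse with expat and abort at the first sign of DTD machinery: DOCTYPE,
    entity declarations and external entity references each raise before any
    entity can be expanded or resolved. Returns the Subject text."""
    parser = xml.parsers.expat.ParserCreate()
    parser.buffer_text = True  # deliver each text node in a single callback

    def refuse(*_args):
        raise UnsafeXML("DOCTYPE, ENTITY declaration or external entity reference refused")

    parser.StartDoctypeDeclHandler = refuse
    parser.EntityDeclHandler = refuse
    parser.ExternalEntityRefHandler = refuse

    path, found = [], []

    def start(name, _attrs):
        path.append(name)

    def end(_name):
        path.pop()

    def text(data):
        if path == ["Response", "Assertion", "Subject"]:
            found.append(data)

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = text
    parser.Parse(xml_bytes, True)
    return "".join(found) or None
```

`naive_subject(LAUGHS)` returns 1024 characters of text that the document never literally contained, while `safe_subject` raises `UnsafeXML` for both `XXE` and `LAUGHS` and still reads `alice` from `BENIGN`. Rejecting the DOCTYPE outright is the simplest rule for SAML, whose messages have no legitimate use for a DTD.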
OSV (added 2018/07/13 4:01 p.m.; 25 views)

GHSA-924M-4PMX-C67H pysaml2 Improper Authentication vulnerability

pysaml2 version 4.4.0 and older accepts any password when run with Python optimizations enabled. This allows attackers to log in as any user without knowing their password...

CVSS 9.2 · AI score 7.9 · EPSS 0.0252
Exploits 0 · References 10
Github Security Blog (added 2018/07/13 4:01 p.m.; 26 views)

pysaml2 Improper Authentication vulnerability

pysaml2 version 4.4.0 and older accepts any password when run with Python optimizations enabled. This allows attackers to log in as any user without knowing their password...

CVSS 8.1 · AI score 7.9 · EPSS 0.0252
Exploits 0 · References 9 · Affected software 1
vulnersOsv (added 2018/07/13 4:01 p.m.; 5 views)

django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +4 more potentially affected by CVE-2017-1000433 via pysaml2 (>=4.0.2 <=4.4.0)

pysaml2 PyPI version =4.0.2, =1.0.2, =1.0.0, =12.0.2, =0.6.1, =3.4.8. Source CVEs: CVE-2017-1000433. Source advisory: OSV:GHSA-924M-4PMX-C67H...

CVSS 8.1 · AI score 6.9 · EPSS 0.0252
Exploits 0
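The behaviour the three CVE-2017-1000433 entries describe, any password accepted once optimizations are on, is exactly what a credential check written as an `assert` statement produces: `python -O` (or PYTHONOPTIMIZE=1) compiles assert statements out, so the function returns success unconditionally and never even looks the user up. The example below is added here and is mine, not pysaml2's code; the `USERS` store and both `check_password` bodies are constructed. `compile(..., optimize=1)` applies the same transformation as the -O flag, which lets both optimization levels be compared in one process.

```python
# Constructed user store (not from pysaml2): username -> password.
USERS = {"alice": "correct horse battery staple"}

# The anti-pattern: the password comparison *is* an assert statement. With
# optimizations on, the assert is removed at compile time and the body becomes
# "return True" for every username and password, including unknown users.
VULNERABLE_CHECK = '''
def check_password(users, username, password):
    assert users[username] == password, "bad password"
    return True
'''

# The fix: an ordinary conditional that survives -O, with a constant-time compare.
HARDENED_CHECK = '''
import hmac

def check_password(users, username, password):
    stored = users.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(stored.encode(), password.encode())
'''


def load_checker(source, optimize):
    """Compile the checker at the given optimization level (0 behaves like plain
    python, 1 like python -O) and return its check_password function."""
    namespace = {}
    exec(compile(source, "<checker>", "exec", optimize=optimize), namespace)
    return namespace["check_password"]


def login(source, optimize, username, password):
    """True if the checker accepts the credentials; an exception is a rejection."""
    try:
        return bool(load_checker(source, optimize)(USERS, username, password))
    except (AssertionError, KeyError):
        return False


if __name__ == "__main__":
    cases = [("alice", "correct horse battery staple"), ("alice", "wrong"), ("mallory", "anything")]
    for label, src in (("vulnerable", VULNERABLE_CHECK), ("hardened", HARDENED_CHECK)):
        for opt in (0, 1):
            for user, pwd in cases:
                print(f"{label:10} optimize={opt} {user}/{pwd!r}: {login(src, opt, user, pwd)}")
```

Under `optimize=0` the vulnerable checker behaves: alice with the right password passes, alice with a wrong one and an unknown mallory are refused. Under `optimize=1` it accepts all three. The hardened checker gives the same answers at both levels, which is the property to test for: run the authentication test-suite once with `python -O` as well.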