201 matches found
Initialization Vector Reuse
pysaml2 reuses initialization vectors for AES encryption. This may leak information about encrypted data to attackers...
Moderate: Red Hat Security Advisory: python-defusedxml and python-pysaml2 security update
An update for python-defusedxml and python-pysaml2 is now available for Red Hat OpenStack Platform 8.0 (Liberty). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
python-pysaml2: Entity expansion issue
An XML entity expansion vulnerability was found in python-pysaml2. A remote attacker could send a crafted request which would cause denial of service through resource exhaustion...
python-pysaml2: Entity expansion issue
An XML entity expansion vulnerability was found in python-pysaml2. A remote attacker could send a crafted request which would cause denial of service through resource exhaustion...
python-pysaml2: Entity expansion issue
An XML entity expansion vulnerability was found in python-pysaml2. A remote attacker could send a crafted request which would cause denial of service through resource exhaustion...
Moderate: Red Hat Security Advisory: python-defusedxml and python-pysaml2 security update
An update for python-defusedxml and python-pysaml2 is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
XML External Entity (XXE)
PySAML2 is vulnerable to XML external entity (XXE) attacks. The vulnerability allows remote malicious users to read arbitrary files using a SAML XML request or response as the injection vector for the XXE attack...
DEBIAN-CVE-2016-10149
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
CVE-2016-10149
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
PYSEC-2017-25
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +4 more potentially affected by CVE-2016-10149 via pysaml2 (>=4.0.2 <=4.4.0)
pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =12.0.2, =0.6.1, =3.4.8 Source cves: CVE-2016-10149 Source advisory: OSV:PYSEC-2017-25...
Xxe
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
CVE-2016-10149
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
PYSEC-2017-25
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
CVE-2016-10149
CVE-2016-10149 affects PySAML2 up to version 4.4.0, exposing an XML External Entity (XXE) vulnerability that allows a remote attacker to read arbitrary files via crafted SAML XML requests/responses. Root cause: improper XML processing/external-entity handling. Documented impact: read access to fi...
CVE-2016-10149
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
CVE-2016-10149
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
UBUNTU-CVE-2016-10149
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
CVE-2016-10149
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
CVE-2016-10127
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...