
201 matches found

Veracode
added 2017/05/30 8:23 a.m. | 18 views

Initialization Vector Reuse

pysaml2 reuses initialization vectors for AES encryption. This may leak information about encrypted data to attackers...

CVSS 5.3 | AI score 5.3 | EPSS 0.00905
Exploits: 0 | References: 1 | Affected Software: 2
RedHat Linux
added 2017/04/12 1:51 p.m. | 46 views

Moderate: Red Hat Security Advisory: python-defusedxml and python-pysaml2 security update

An update for python-defusedxml and python-pysaml2 is now available for Red Hat OpenStack Platform 8.0 Liberty. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 7.5 | AI score 6.6 | EPSS 0.0386
Exploits: 0 | References: 2
RedHat Linux
added 2017/04/12 1:51 p.m. | 9 views

python-pysaml2: Entity expansion issue

An XML entity expansion vulnerability was found in python-pysaml2. A remote attacker could send a crafted request which would cause denial of service through resource exhaustion...

CVSS 7.5 | AI score 5.8 | EPSS 0.0386
Exploits: 0 | References: 4
RedHat Linux
added 2017/04/12 1:50 p.m. | 3 views

python-pysaml2: Entity expansion issue

An XML entity expansion vulnerability was found in python-pysaml2. A remote attacker could send a crafted request which would cause denial of service through resource exhaustion...

CVSS 7.5 | AI score 5.8 | EPSS 0.0386
Exploits: 0 | References: 4
RedHat Linux
added 2017/04/12 1:49 p.m. | 4 views

python-pysaml2: Entity expansion issue

An XML entity expansion vulnerability was found in python-pysaml2. A remote attacker could send a crafted request which would cause denial of service through resource exhaustion...

CVSS 7.5 | AI score 5.8 | EPSS 0.0386
Exploits: 0 | References: 4
RedHat Linux
added 2017/04/12 1:49 p.m. | 50 views

Moderate: Red Hat Security Advisory: python-defusedxml and python-pysaml2 security update

An update for python-defusedxml and python-pysaml2 is now available for Red Hat OpenStack Platform 10.0 Newton. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 7.5 | AI score 6.6 | EPSS 0.0386
Exploits: 0 | References: 2
Veracode
added 2017/03/27 6:12 a.m. | 20 views

XML External Entity (XXE)

PySAML2 is vulnerable to XML external entity (XXE) attacks. The vulnerability allows remote malicious users to read arbitrary files using a SAML XML request or response as the injection vector for the XXE attack...

CVSS 7.5 | AI score 7.7 | EPSS 0.0386
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2017/03/24 2:59 p.m. | 1 views

DEBIAN-CVE-2016-10149

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...

CVSS 7.5 | AI score 7.4 | EPSS 0.0386
Exploits: 0 | References: 1
OSV
added 2017/03/24 2:59 p.m. | 19 views

CVE-2016-10149

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...

CVSS 7.5 | AI score 7.4
Exploits: 0 | References: 10
PyPA
added 2017/03/24 2:59 p.m. | 5 views

PYSEC-2017-25

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...

CVSS 7.5 | AI score 7 | EPSS 0.0386
Exploits: 0 | References: 11 | Affected Software: 1
vulnersOsv
added 2017/03/24 2:59 p.m. | 4 views

django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +4 more potentially affected by CVE-2016-10149 via pysaml2 (>=4.0.2 <=4.4.0)

pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =12.0.2, =0.6.1, =3.4.8 Source cves: CVE-2016-10149 Source advisory: OSV:PYSEC-2017-25...

CVSS 7.5 | AI score 6.7 | EPSS 0.0386
Exploits: 0
Prion
added 2017/03/24 2:59 p.m. | 15 views

Xxe

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...

CVSS 5 | AI score 7 | EPSS 0.0386
Exploits: 0 | References: 10 | Affected Software: 2
NVD
added 2017/03/24 2:59 p.m. | 17 views

CVE-2016-10149

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...

CVSS 7.5 | AI score 7.3 | EPSS 0.0386
Exploits: 0 | References: 10
OSV
added 2017/03/24 2:59 p.m. | 21 views

PYSEC-2017-25

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...

CVSS 7.5 | AI score 6.6 | EPSS 0.0386
Exploits: 0 | References: 11
CVE
added 2017/03/24 2:00 p.m. | 106 views

CVE-2016-10149

CVE-2016-10149 affects PySAML2 up to version 4.4.0, exposing an XML External Entity (XXE) vulnerability that allows a remote attacker to read arbitrary files via crafted SAML XML requests/responses. Root cause: improper XML processing/external-entity handling. Documented impact: read access to fi...

CVSS 7.5 | AI score 7.3 | EPSS 0.0386
Exploits: 0 | References: 10 | Affected Software: 1
Cvelist
added 2017/03/24 2:00 p.m. | 30 views

CVE-2016-10149

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...

AI score 7.4 | EPSS 0.0386
Exploits: 0 | References: 10
Debian CVE
added 2017/03/24 2:00 p.m. | 22 views

CVE-2016-10149

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...

CVSS 7.5 | AI score 7.5 | EPSS 0.0386
Exploits: 0
OSV
added 2017/03/24 12:00 a.m. | 1 views

UBUNTU-CVE-2016-10149

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...

CVSS 7.5 | AI score 6.9 | EPSS 0.0386
Exploits: 0 | References: 4
UbuntuCve
added 2017/03/24 12:00 a.m. | 21 views

CVE-2016-10149

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...

CVSS 7.5 | AI score 6.9 | EPSS 0.0386
Exploits: 0 | References: 3
UbuntuCve
added 2017/03/03 3:59 p.m. | 26 views

CVE-2016-10127

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...

CVSS 9 | AI score 7.2 | EPSS 0.02133
Exploits: 0 | References: 2