201 matches found

OSV
added 2017/03/03 3:59 p.m. | 19 views

PYSEC-2017-67

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...

CVSS 9 | AI score 6.4 | EPSS 0.02133
Exploits 0 | References 7

Prion
added 2017/03/03 3:59 p.m. | 15 views

Xxe

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...

CVSS 6.8 | AI score 6.9 | EPSS 0.02133
Exploits 0 | References 6

vulnersOsv
added 2017/03/03 3:59 p.m. | 6 views

django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +4 more potentially affected by CVE-2016-10127 via pysaml2 (>=4.0.2 <=4.4.0)

pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =12.0.2, =0.6.1, =3.4.8 Source cves: CVE-2016-10127 Source advisory: OSV:PYSEC-2017-67...

CVSS 9 | AI score 7.2 | EPSS 0.02133
Exploits 0

PyPA
added 2017/03/03 3:59 p.m. | 6 views

PYSEC-2017-67

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...

CVSS 9 | AI score 7.1 | EPSS 0.02133
Exploits 0 | References 7 | Affected Software 1

NVD
added 2017/03/03 3:59 p.m. | 24 views

CVE-2016-10127

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...

CVSS 9 | AI score 8.9 | EPSS 0.02133
Exploits 0 | References 6

OSV
added 2017/03/03 3:59 p.m. | 23 views

CVE-2016-10127

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...

CVSS 9 | AI score 8.8
Exploits 0 | References 6

Debian CVE
added 2017/03/03 3:0 p.m. | 20 views

CVE-2016-10127

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...

CVSS 9 | AI score 8.9 | EPSS 0.02133
Exploits 0

Cvelist
added 2017/03/03 3:0 p.m. | 26 views

CVE-2016-10127

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...

AI score 8.8 | EPSS 0.02133
Exploits 0 | References 6

CVE
added 2017/03/03 3:0 p.m. | 92 views

CVE-2016-10127

CVE-2016-10127 affects PySAML2 and is an XML External Entity (XXE) vulnerability in SAML XML processing. The issue arises from how the library parses crafted SAML requests/responses, enabling potential data disclosure or other XXE consequences as described in connected sources. The CVE entry also...

CVSS 9 | AI score 8.7 | EPSS 0.02133
Exploits 0 | References 6 | Affected Software 1

OSV
added 2017/02/27 12:58 p.m. | 10 views

SUSE-SU-2017:0569-1 Security update for python-pysaml2

This update for python-pysaml2 fixes the following issues: - CVE-2016-10127 and CVE-2016-10149: XXE (XML external entity) issues were fixed in python-pysaml2, where external requests to other XML content could be made by parsing XML files using this SAML2 library. bsc1019074 To fix this bug, the ne...

CVSS 9 | AI score 7.7 | EPSS 0.0386
Exploits 0 | References 4

CNVD
added 2017/01/13 12:0 a.m. | 2 views

python-pysaml2 XML External Entity Injection Vulnerability

python-pysaml2 is an implementation of SAML2 written in Python. An XML external entity injection vulnerability exists in python-pysaml2. An attacker could use this vulnerability to gain access to sensitive information or cause a denial of service...

CVSS 9 | AI score 9.5 | EPSS 0.02133
Exploits 0 | References 1

Tenable Nessus
added 2017/01/13 12:0 a.m. | 40 views

Debian DSA-3759-1 : python-pysaml2 - security update

Matias P. Brutti discovered that python-pysaml2, a Python implementation of the Security Assertion Markup Language 2.0, did not correctly sanitize the XML messages it handled. This allowed a remote attacker to perform XML External Entity attacks, leading to a wide range of exploits...

CVSS 9 | AI score 6.6 | EPSS 0.0386
Exploits 0 | References 5

Debian
added 2017/01/12 7:25 a.m. | 27 views

[SECURITY] [DSA 3759-1] python-pysaml2 security update

Debian Security Advisory DSA-3759-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 12, 2017 https://www.debian.org/security/faq ...

CVSS 9 | AI score 8.9 | EPSS 0.02133
Exploits 0

Debian
added 2017/01/12 7:25 a.m. | 24 views

[SECURITY] [DSA 3759-1] python-pysaml2 security update

Debian Security Advisory DSA-3759-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 12, 2017 https://www.debian.org/security/faq ...

CVSS 6.8 | AI score 1.5 | EPSS 0.02133
Exploits 0

OpenVAS
added 2017/01/12 12:0 a.m. | 18 views

Debian Security Advisory DSA 3759-1 (python-pysaml2 - security update)

Matias P. Brutti discovered that python-pysaml2, a Python implementation of the Security Assertion Markup Language 2.0, did not correctly sanitize the XML messages it handled. This allowed a remote attacker to perform XML External Entity attacks, leading to a wide range of exploits. OpenVAS...

CVSS 6.8 | AI score 8.9 | EPSS 0.02133
Exploits 0 | References 1

OSV
added 2017/01/12 12:0 a.m. | 16 views

DSA-3759-1 python-pysaml2 - security update

Bulletin has no description...

CVSS 7.5 | AI score 7.5 | EPSS 0.0386
Exploits 0

RedhatCVE
added 2017/01/11 9:18 a.m. | 20 views

CVE-2016-10127

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...

CVSS 9 | AI score 6.4 | EPSS 0.02133
Exploits 0 | References 1

OpenVAS
added 2017/01/11 12:0 a.m. | 17 views

Debian: Security Advisory (DSA-3759-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 9.1 | EPSS 0.0386
Exploits 0 | References 3

Veracode
added 2016/12/13 6:22 a.m. | 9 views

Information Disclosure

pysaml2 is vulnerable to information disclosure. After opening a file, the library does not close the filereader, allowing file descriptors to possibly leak...

AI score 6.3
Exploits 0

Veracode
added 2016/12/08 5:23 a.m. | 14 views

Sanity Check Bypass

PySAML2 is vulnerable to sanity bypass. By failing a check and not causing an exception, malicious attackers can bypass all future checks. These checks can be failed by setting a wrong value for the destination or using a mismatched response ID...

AI score 6.7
Exploits 0