201 matches found
PYSEC-2017-67
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...
XXE
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...
django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +4 more potentially affected by CVE-2016-10127 via pysaml2 (>=4.0.2 <=4.4.0)
pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =12.0.2, =0.6.1, =3.4.8 Source cves: CVE-2016-10127 Source advisory: OSV:PYSEC-2017-67...
CVE-2016-10127
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...
CVE-2016-10127
CVE-2016-10127 affects PySAML2 and is an XML External Entity (XXE) vulnerability in SAML XML processing. The issue arises from how the library parses crafted SAML requests/responses, enabling potential data disclosure or other XXE consequences as described in connected sources. The CVE entry also...
SUSE-SU-2017:0569-1 Security update for python-pysaml2
This update for python-pysaml2 fixes the following issues: - CVE-2016-10127 and CVE-2016-10149: XXE (XML external entity) issues were fixed in python-pysaml2, where external requests to other XML content could be made by parsing XML files using this SAML2 library. (bsc#1019074) To fix this bug, the ne...
python-pysaml2 XML External Entity Injection Vulnerability
python-pysaml2 is an implementation of SAML2 written in Python. An XML external entity injection vulnerability exists in python-pysaml2. An attacker could use this vulnerability to gain access to sensitive information or cause a denial of service...
Debian DSA-3759-1 : python-pysaml2 - security update
Matias P. Brutti discovered that python-pysaml2, a Python implementation of the Security Assertion Markup Language 2.0, did not correctly sanitize the XML messages it handled. This allowed a remote attacker to perform XML External Entity attacks, leading to a wide range of exploits...
[SECURITY] [DSA 3759-1] python-pysaml2 security update
Debian Security Advisory DSA-3759-1 [email protected] https://www.debian.org/security/ Sebastien Delafond January 12, 2017 https://www.debian.org/security/faq ...
Debian Security Advisory DSA 3759-1 (python-pysaml2 - security update)
Matias P. Brutti discovered that python-pysaml2, a Python implementation of the Security Assertion Markup Language 2.0, did not correctly sanitize the XML messages it handled. This allowed a remote attacker to perform XML External Entity attacks, leading to a wide range of exploits. OpenVAS...
DSA-3759-1 python-pysaml2 - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3759-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
Information Disclosure
pysaml2 is vulnerable to information disclosure. After opening a file, the library does not close the filereader, allowing file descriptors to possibly leak...
Sanity Check Bypass
PySAML2 is vulnerable to a sanity check bypass. When a check fails without causing an exception, malicious attackers can bypass all future checks. These checks can be failed by setting a wrong value for the destination or using a mismatched response ID...