201 matches found

SUSE CVE
added 2023/02/15 4:54 a.m., 5 views

SUSE CVE-2016-10149

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...

7.5 CVSS, 7 AI score, 0.0386 EPSS
Exploits 0, References 4
SUSE CVE
added 2023/02/15 4:35 a.m., 4 views

SUSE CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

3.7 CVSS, 7.8 AI score, 0.00905 EPSS
Exploits 0, References 5
SUSE CVE
added 2023/02/15 4:34 a.m., 3 views

SUSE CVE-2017-1000433

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...

8.1 CVSS, 7.7 AI score, 0.0252 EPSS
Exploits 0, References 5
SUSE CVE
added 2023/02/15 4:3 a.m., 1 views

SUSE CVE-2020-5390

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature...

5.3 CVSS, 7.8 AI score, 0.01207 EPSS
Exploits 0, References 6
OpenVAS
added 2022/08/26 12:0 a.m., 24 views

Ubuntu: Security Advisory (USN-5066-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

6.5 CVSS, 6.8 AI score, 0.0118 EPSS
Exploits 3, References 2
Github Security Blog
added 2022/05/17 2:56 a.m., 30 views

PySAML2 XML external entity attack

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...

9 CVSS, 6.2 AI score, 0.02133 EPSS
Exploits 0, References 9, Affected Software 1
vulnersOsv
added 2022/05/17 2:56 a.m., 4 views

django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +4 more potentially affected by CVE-2016-10127 via pysaml2 (>=4.0.2 <=4.4.0)

pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =12.0.2, =0.6.1, =3.4.8 Source cves: CVE-2016-10127 Source advisory: OSV:GHSA-M269-WJ6G-C459...

9 CVSS, 7.2 AI score, 0.02133 EPSS
Exploits 0
OSV
added 2022/05/17 2:56 a.m., 27 views

GHSA-M269-WJ6G-C459 PySAML2 XML external entity attack

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...

9.4 CVSS, 8.7 AI score, 0.02133 EPSS
Exploits 0, References 10
RedhatCVE
added 2021/09/24 11:12 a.m., 45 views

CVE-2021-21238

A verification flaw was found in python-pysaml2, where it did not validate signed SAML documents against an XML schema. Because the flaw allowed invalid XML documents to be processed, a network attacker could exploit this flaw by tricking pysaml2 with a wrapped signature. Mitigation Mitigation fo...

6.5 CVSS, 0.6 AI score, 0.01078 EPSS
Exploits 0, References 3
RedhatCVE
added 2021/09/24 11:10 a.m., 65 views

CVE-2021-21239

A verification flaw was found in python-pysaml2, where it did not ensure that a signed SAML document was correctly signed. The default CryptoBackendXmlSec1 backend uses the xmlsec1 binary to verify the signature of signed SAML documents, but by default xmlsec1 accepts any type of key found within...

6.5 CVSS, 1.1 AI score, 0.0118 EPSS
Exploits 3, References 3
Tenable Nessus
added 2021/09/14 12:0 a.m., 26 views

Ubuntu 16.04 ESM : PySAML2 vulnerability (USN-5066-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5066-2 advisory. USN-5066-1 fixed a vulnerability in PySAML2. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the preceding description...

6.5 CVSS, 7 AI score, 0.0118 EPSS
Exploits 3, References 2
OpenVAS
added 2021/09/09 12:0 a.m., 17 views

Ubuntu: Security Advisory (USN-5066-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

6.5 CVSS, 6.9 AI score, 0.0118 EPSS
Exploits 3, References 2
Ubuntu
added 2021/09/08 1:28 p.m., 104 views

USN-5066-2: PySAML2 vulnerability

USN-5066-1 fixed a vulnerability in PySAML2. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML documents...

6.5 CVSS, 7.1 AI score, 0.0118 EPSS
Exploits 3
Ubuntu
added 2021/09/08 11:28 a.m., 103 views

USN-5066-1: PySAML2 vulnerability

Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML documents...

6.5 CVSS, 7 AI score, 0.0118 EPSS
Exploits 3
OSV
added 2021/09/08 11:28 a.m., 3 views

USN-5066-1 python-pysaml2 vulnerability

Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML documents...

6.5 CVSS, 7 AI score, 0.0118 EPSS
Exploits 3, References 2
Tenable Nessus
added 2021/09/08 12:0 a.m., 26 views

Ubuntu 18.04 LTS / 20.04 LTS : PySAML2 vulnerability (USN-5066-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5066-1 advisory. Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML...

6.5 CVSS, 7.1 AI score, 0.0118 EPSS
Exploits 3, References 2
Tenable Nessus
added 2021/03/01 12:0 a.m., 107 views

Debian DLA-2577-1 : python-pysaml2 security update

Several issues have been found in python-pysaml2, a pure python implementation of SAML Version 2 Standard. CVE-2017-1000433 pysaml2 accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password. CVE-2021-21239 pysaml2 ha...

8.1 CVSS, 6.9 AI score, 0.0252 EPSS
Exploits 3, References 5
OpenVAS
added 2021/02/27 12:0 a.m., 18 views

Debian: Security Advisory (DLA-2577-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

8.1 CVSS, 7.3 AI score, 0.0252 EPSS
Exploits 3, References 4
Debian
added 2021/02/26 5:5 a.m., 230 views

[SECURITY] [DLA 2577-1] python-pysaml2 security update

Debian LTS Advisory DLA-2577-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA February 26, 2021 https://wiki.debian.org/LTS -...

8.1 CVSS, 7.5 AI score, 0.0252 EPSS
Exploits 3
OSV
added 2021/02/26 12:0 a.m., 35 views

DLA-2577-1 python-pysaml2 - security update

Bulletin has no description...

8.1 CVSS, 6.9 AI score, 0.0252 EPSS
Exploits 3