SUSE CVE-2016-10149
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response...
SUSE CVE-2017-1000246
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...
SUSE CVE-2017-1000433
pysaml2 version 4.4.0 and older accepts any password when run with Python optimizations enabled. This allows attackers to log in as any user without knowing their password...
SUSE CVE-2020-5390
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature...
Ubuntu: Security Advisory (USN-5066-2)
The remote host is missing an update for the...
PySAML2 XML external entity attack
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...
django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +4 more potentially affected by CVE-2016-10127 via pysaml2 (>=4.0.2 <=4.4.0)
pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =12.0.2, =0.6.1, =3.4.8 Source cves: CVE-2016-10127 Source advisory: OSV:GHSA-M269-WJ6G-C459...
GHSA-M269-WJ6G-C459 PySAML2 XML external entity attack
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response...
CVE-2021-21238
A verification flaw was found in python-pysaml2, where it did not validate signed SAML documents against an XML schema. Because the flaw allowed invalid XML documents to be processed, a network attacker could exploit this flaw by tricking pysaml2 with a wrapped signature. Mitigation Mitigation fo...
CVE-2021-21239
A verification flaw was found in python-pysaml2, where it did not ensure that a signed SAML document was correctly signed. The default CryptoBackendXmlSec1 backend uses the xmlsec1 binary to verify the signature of signed SAML documents, but by default xmlsec1 accepts any type of key found within...
Ubuntu 16.04 ESM : PySAML2 vulnerability (USN-5066-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5066-2 advisory. USN-5066-1 fixed a vulnerability in PySAML2. This update provides the corresponding update for Ubuntu 16.04 ESM. Tenable has extracted the preceding description...
Ubuntu: Security Advisory (USN-5066-1)
The remote host is missing an update for the...
USN-5066-2: PySAML2 vulnerability
USN-5066-1 fixed a vulnerability in PySAML2. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML documents...
USN-5066-1: PySAML2 vulnerability
Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML documents...
USN-5066-1 python-pysaml2 vulnerability
Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML documents...
Ubuntu 18.04 LTS / 20.04 LTS : PySAML2 vulnerability (USN-5066-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5066-1 advisory. Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML...
Debian DLA-2577-1 : python-pysaml2 security update
Several issues have been found in python-pysaml2, a pure Python implementation of SAML Version 2 Standard. CVE-2017-1000433: pysaml2 accepts any password when run with Python optimizations enabled. This allows attackers to log in as any user without knowing their password. CVE-2021-21239: pysaml2 ha...
Debian: Security Advisory (DLA-2577-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2577-1] python-pysaml2 security update
Debian LTS Advisory DLA-2577-1 https://www.debian.org/lts/security/ Abhijith PA February 26, 2021 https://wiki.debian.org/LTS...
DLA-2577-1 python-pysaml2 - security update
Bulletin has no description...