201 matches found

Tenable Nessus
added 2021/01/27 12:0 a.m., 42 views

FreeBSD : pysaml2 -- multiple vulnerabilities (fb67567a-5d95-11eb-a955-08002728f74c)

pysaml2 Releases: Fix processing of invalid SAML XML documents - CVE-2021-21238. Fix unspecified xmlsec1 key-type preference - CVE-2021-21239. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-202...

6.5 CVSS, 7.2 AI score, 0.0118 EPSS
Exploits: 3, References: 6
Veracode
added 2021/01/22 5:5 a.m., 21 views

Improper Verification Of Cryptographic Signature

pysaml2 improperly verifies cryptographic signatures. The default CryptoBackendXmlSec1 using the xmlsec1 binary incorrectly accepts any type of key found in the given document, instead of explicitly allowing only x509 certificates for verification...

6.5 CVSS, 3.1 AI score, 0.0118 EPSS
Exploits: 3, References: 8, Affected Software: 3
Veracode
added 2021/01/22 4:18 a.m., 20 views

Validation Bypass

pysaml2 is vulnerable to validation bypass. The vulnerability exists through the use of CryptoBackendXmlSec1 backend as the verification is offloaded to xmlsec1, and xmlsec1 only validates the first signature it finds in the given document...

6.5 CVSS, 3.5 AI score, 0.01078 EPSS
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2021/01/21 3:15 p.m., 19 views

CVE-2021-21239

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...

6.5 CVSS, 6.6 AI score, 0.0118 EPSS
Exploits: 3, References: 6
NVD
added 2021/01/21 3:15 p.m., 12 views

CVE-2021-21238

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping...

6.5 CVSS, 6.3 AI score, 0.01078 EPSS
Exploits: 0, References: 4
OSV
added 2021/01/21 3:15 p.m., 2 views

DEBIAN-CVE-2021-21239

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...

6.5 CVSS, 6.9 AI score, 0.0118 EPSS
Exploits: 3, References: 1
OSV
added 2021/01/21 3:15 p.m., 10 views

CVE-2021-21238

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping...

6.5 CVSS, 6.2 AI score
Exploits: 0, References: 4
OSV
added 2021/01/21 3:15 p.m., 5 views

DEBIAN-CVE-2021-21238

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping...

6.5 CVSS, 6.9 AI score, 0.01078 EPSS
Exploits: 0, References: 1
OSV
added 2021/01/21 3:15 p.m., 26 views

CVE-2021-21239

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...

6.5 CVSS, 6.2 AI score
Exploits: 0, References: 6
PyPA
added 2021/01/21 3:15 p.m., 4 views

PYSEC-2021-49

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...

6.5 CVSS, 6.8 AI score, 0.0118 EPSS
Exploits: 3, References: 6, Affected Software: 1
UbuntuCve
added 2021/01/21 3:15 p.m., 17 views

CVE-2021-21238

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping...

6.5 CVSS, 6.8 AI score, 0.01078 EPSS
Exploits: 0, References: 4
OSV
added 2021/01/21 3:15 p.m., 16 views

PYSEC-2021-48

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping...

6.5 CVSS, 4 AI score, 0.01078 EPSS
Exploits: 0, References: 4
Prion
added 2021/01/21 3:15 p.m., 14 views

Information disclosure

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping...

4.3 CVSS, 6.2 AI score, 0.01078 EPSS
Exploits: 0, References: 4, Affected Software: 1
UbuntuCve
added 2021/01/21 3:15 p.m., 24 views

CVE-2021-21239

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...

6.5 CVSS, 6.8 AI score, 0.0118 EPSS
Exploits: 3, References: 7
vulnersOsv
added 2021/01/21 3:15 p.m., 5 views

django-allauth-saml2 (>=0.1.0 <=0.2.0), django-saml2-auth (>=1.0.2 <=1.1.4) +8 more potentially affected by CVE-2021-21238 via pysaml2 (>=4.0.2 <=5.0.0)

pysaml2 PYPI version =4.0.2, =0.1.0, =1.0.2, =1.0.0, =0.16.11, =1.1.1, =12.0.2, =0.100.2, =0.6.1, =3.4.8 Source cves: CVE-2021-21238 Source advisory: OSV:PYSEC-2021-48...

6.5 CVSS, 6.8 AI score, 0.01078 EPSS
Exploits: 0
vulnersOsv
added 2021/01/21 3:15 p.m., 5 views

django-allauth-saml2 (>=0.1.0 <=0.2.0), django-saml2-auth (>=1.0.2 <=1.1.4) +8 more potentially affected by CVE-2021-21239 via pysaml2 (>=4.0.2 <=5.0.0)

pysaml2 PYPI version =4.0.2, =0.1.0, =1.0.2, =1.0.0, =0.16.11, =1.1.1, =12.0.2, =0.100.2, =0.6.1, =3.4.8 Source cves: CVE-2021-21239 Source advisory: OSV:PYSEC-2021-49...

6.5 CVSS, 6.8 AI score, 0.0118 EPSS
Exploits: 3
OSV
added 2021/01/21 3:15 p.m., 3 views

UBUNTU-CVE-2021-21238

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping...

6.5 CVSS, 7.1 AI score, 0.01078 EPSS
Exploits: 0, References: 5
OSV
added 2021/01/21 3:15 p.m., 26 views

PYSEC-2021-49

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...

6.5 CVSS, 3.2 AI score, 0.0118 EPSS
Exploits: 3, References: 6
OSV
added 2021/01/21 3:15 p.m., 2 views

UBUNTU-CVE-2021-21239

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...

6.5 CVSS, 6.9 AI score, 0.0118 EPSS
Exploits: 3, References: 8
Prion
added 2021/01/21 3:15 p.m., 15 views

Design/Logic Flaw

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...

4.3 CVSS, 6.3 AI score, 0.0118 EPSS
Exploits: 3, References: 6, Affected Software: 2