Lucene search

132 matches found

CNNVD
added 2026/04/17 12:0 a.m., 4 views

Cloud Foundry cf-deployment and Cloud Foundry UAA security vulnerability

Cloud Foundry cf-deployment and Cloud Foundry UAA are both products of the American Cloud Foundry Foundation. Cloud Foundry cf-deployment is a Cloud Foundry deployment tool. Cloud Foundry UAA is an identity authentication and authorization management service. There are security vulnerabilities in...

CVSS 8.6, AI score 5.9, EPSS 0.00016
Exploits 0, References 1
Cloud Foundry
added 2026/04/06 12:0 a.m., 4 views

CVE-2026-22734 - UAA SAML 2.0 Signature Bypass | Cloud Foundry

Severity: 8.8 / High (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N); 8.6 / HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). Vendor: CloudFoundry Foundation. Description: Cloud Foundry UAA versions v77.21.0 through v78.8.0 are vulnerable to a bypass that allows an attacker to obtain a...

CVSS 8.6, AI score 5.3, EPSS 0.00016
Exploits 0
Cvelist
added 2026/03/04 5:19 p.m., 20 views

CVE-2026-20101

A vulnerability in the SAML 2.0 single sign-on (SSO) feature of Cisco Secure Firewall ASA Software and Secure FTD Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a DoS condition. This vulnerability is due to insufficient error checki...

CVSS 8.6, EPSS 0.00157
Exploits 0, References 1
RedhatCVE
added 2026/01/09 10:39 a.m., 6 views

CVE-2022-35741

Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. This plugin is not enabled by default and the attacker would require that this plugin be enabled to exploit the vulnerability. When...

CVSS 9.8, AI score 7.9, EPSS 0.34432
Exploits 0, References 1
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2018-14347

Malware in sbrugna...

CVSS 7.1, AI score 6.9, EPSS 0.00305
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-14299

Malware in sbrugna...

CVSS 3.5, AI score 4, EPSS 0.00236
Exploits 0, References 5
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-14478

Malware in sbrugna...

CVSS 6.5, AI score 6.5, EPSS 0.00276
Exploits 1, References 4
EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2018-14226

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.00313
Exploits 0, References 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-10271

Malware in sbrugna...

CVSS 8.6, AI score 6.2, EPSS 0.01652
Exploits 0, References 3
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-24443

Malicious code in bioql PyPI...

CVSS 6.1, AI score 6.4, EPSS 0.00069
Exploits 0, References 1
Gitee
added 2025/09/06 2:15 a.m., 76 views

php-saml

This is a PHP SAML toolkit for adding SAML support to PHP software. It is a library provided and supported by OneLogin Inc. The library is compatible with PHP versions greater than 7.1. The library includes features such as: Support for SAML 2.0 Support for SAML 1.1 Support for SAML 1.0 Support f...

AI score 7
Exploits 0
RedhatCVE
added 2025/05/22 8:3 p.m., 7 views

CVE-2021-37154

In ForgeRock Access Management (AM) before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion...

CVSS 10, AI score 6.9, EPSS 0.00534
Exploits 0, References 1
Tenable Nessus
added 2024/06/14 12:0 a.m., 17 views

Cisco Firepower Threat Defense Software Authorization Bypass (cisco-sa-asaftd-saml-bypass-KkNvXyKW)

A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an affecte...

CVSS 5, AI score 5.7, EPSS 0.0081
Exploits 0, References 3
NVD
added 2024/05/22 5:16 p.m., 10 views

CVE-2024-20355

A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an affecte...

CVSS 5, AI score 5.1, EPSS 0.0081
Exploits 0, References 1
Cvelist
added 2024/05/22 4:54 p.m., 13 views

CVE-2024-20355

A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an affecte...

CVSS 5, AI score 5.1, EPSS 0.0081
Exploits 0, References 1
CVE
added 2024/05/22 4:54 p.m., 73 views

CVE-2024-20355

CVE-2024-20355 affects Cisco ASA/FTD SAML SSO. The issue stems from improper separation of authorization domains, allowing an authenticated remote user to reuse a SAML token to access a tunnel group they are not authorized for, enabling a remote VPN session to secured networks behind the device. ...

CVSS 5, AI score 6.8, EPSS 0.0081
Exploits 0, References 1, Affected Software 1
Cisco
added 2024/05/22 4:0 p.m., 31 views

Cisco Adaptive Security Appliance and Firepower Threat Defense Software Authorization Bypass Vulnerability

A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an affecte...

CVSS 5, AI score 5.1, EPSS 0.0081
Exploits 0, References 1
Prion
added 2023/11/01 6:15 p.m., 16 views

Input validation

A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to intercept the SAML...

CVSS 5.8, AI score 6.3, EPSS 0.00069
Exploits 0, References 1, Affected Software 2
CVE
added 2023/11/01 5:10 p.m., 78 views

CVE-2023-20264

Cisco ASA/FTD SAML SSO implementation flaw allows an unauthenticated attacker to intercept a user’s SAML assertion during remote VPN authentication due to insufficient login URL validation. An attacker can entice a user to visit a site under the attacker’s control, modify the login URL, and use t...

CVSS 6.1, AI score 6.4, EPSS 0.00069
Exploits 0, References 1, Affected Software 1
Cvelist
added 2023/11/01 5:10 p.m., 15 views

CVE-2023-20264

A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to intercept the SAML...

CVSS 6.1, AI score 6.6, EPSS 0.00069
Exploits 0, References 1