32 matches found
MiracleLinux 7 : open-vm-tools-11.0.5-3.el7.9 (AXSA:2023-6579:12)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6579:12 advisory. open-vm-tools: SAML token signature bypass CVE-2023-34058 open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper...
CVE-2025-46404
A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability. Mitigation Mitigation for thi...
CVE-2025-46404
A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...
AZL-69841 CVE-2025-46404 affecting package lasso for versions less than 2.9.0-1
A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...
CVE-2025-46404
A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...
Entr'ouvert Lasso lasso_provider_verify_saml_signature denial of service vulnerability
Talos Vulnerability Report TALOS-2025-2194 Entr'ouvert Lasso lassoproviderverifysamlsignature denial of service vulnerability November 5, 2025 CVE Number CVE-2025-46404 SUMMARY A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5....
EUVD-2011-1393
Malware in sbrugna...
EUVD-2025-15809
Malicious code in bioql PyPI...
Node-SAML SAML Signature Verification Vulnerability
Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any...
samlify SAML Signature Wrapping attack
A Signature Wrapping attack has been found in samlify v2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider...
CVE-2025-47949 samlify SAML Signature Wrapping attack
samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation due to improper validation of SAML response signatures which allows an attacker to inject a malicious, signed XML element as the first signature, bypassing proper verification and enabling impersonation of any SPID or...
User Impersonation
Overview SPID.AspNetCore.Authentication is a custom implementation of an AspNetCore RemoteAuthenticationHandler for SPID a.k.a. the Italian 'Sistema Pubblico di Identità Digitale'. Affected versions of this package are vulnerable to User Impersonation due to the insufficient validation of SAML...
AspNetCore Remote Authenticator for CIE3.0 授权问题漏洞
AspNetCore Remote Authenticator for CIE3.0 is an open source AspNetCore Remote Authenticator for CIE 3.0 by Developers Italia. An authorization issue vulnerability exists in AspNetCore Remote Authenticator for CIE3.0 that stems from not properly verifying the signature of a SAML response. An...
GHSA-4XX7-2CX3-X473 Duplicate Advisory: Keycloak SAML signature validation flaw
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xgfv-xpx8-qhcr. This link is maintained to preserve external references. Original Description A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method...
CVE-2024-8698
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...
CVE-2024-8698
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...
CVE-2024-8698
CVE-2024-8698 affects Keycloak’s SAML signature validation in the XMLSignatureUtil class. The vulnerability stems from misclassifying a signature as applying to the full document versus only to specific assertions based on signature position, not the referenced element, enabling crafted SAML resp...
CVE-2024-8698
A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...
Red Hat Keycloak 数据伪造问题漏洞
Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A Data Forgery Issue vulnerability exists in Red Hat Keycloak versions prior to 25.0.6, which stems from a flaw in the SAML signature validatio...