Lucene search
K

32 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 7 : open-vm-tools-11.0.5-3.el7.9 (AXSA:2023-6579:12)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6579:12 advisory. open-vm-tools: SAML token signature bypass CVE-2023-34058 open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper...

7.5CVSS5.7AI score0.00667EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/06 3:2 p.m.3 views

CVE-2025-46404

A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability. Mitigation Mitigation for thi...

7.5CVSS6.2AI score0.0046EPSS
Exploits1References5
OSV
OSV
added 2025/11/05 3:15 p.m.8 views

CVE-2025-46404

A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...

7.5CVSS6.8AI score
Exploits0References2
OSV
OSV
added 2025/11/05 3:15 p.m.12 views

AZL-69841 CVE-2025-46404 affecting package lasso for versions less than 2.9.0-1

A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...

7.5CVSS5.8AI score0.0046EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/11/05 2:56 p.m.8 views

CVE-2025-46404

A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability...

7.5CVSS0.0046EPSS
Exploits1References1
Talos
Talos
added 2025/11/05 12:0 a.m.8 views

Entr'ouvert Lasso lasso_provider_verify_saml_signature denial of service vulnerability

Talos Vulnerability Report TALOS-2025-2194 Entr'ouvert Lasso lassoproviderverifysamlsignature denial of service vulnerability November 5, 2025 CVE Number CVE-2025-46404 SUMMARY A denial of service vulnerability exists in the lassoproviderverifysamlsignature functionality of Entr'ouvert Lasso 2.5....

7.5CVSS7AI score0.0046EPSS
Exploits1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2011-1393

Malware in sbrugna...

4.3CVSS6.4AI score0.01249EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-15809

Malicious code in bioql PyPI...

9.9CVSS8.7AI score0.00458EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/07/28 8:38 p.m.6 views

Node-SAML SAML Signature Verification Vulnerability

Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any...

10CVSS6.3AI score0.00357EPSS
Exploits0References5Affected Software3
Github Security Blog
Github Security Blog
added 2025/05/19 10:33 p.m.33 views

samlify SAML Signature Wrapping attack

A Signature Wrapping attack has been found in samlify v2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider...

9.9CVSS6.7AI score0.00458EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/05/19 7:28 p.m.55 views

CVE-2025-47949 samlify SAML Signature Wrapping attack

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...

9.9CVSS0.00458EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/18 7:25 p.m.2 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to improper validation of SAML response signatures which allows an attacker to inject a malicious, signed XML element as the first signature, bypassing proper verification and enabling impersonation of any SPID or...

9.3CVSS7AI score0.0056EPSS
Exploits0References2
Snyk
Snyk
added 2025/02/18 7:25 p.m.3 views

User Impersonation

Overview SPID.AspNetCore.Authentication is a custom implementation of an AspNetCore RemoteAuthenticationHandler for SPID a.k.a. the Italian 'Sistema Pubblico di Identità Digitale'. Affected versions of this package are vulnerable to User Impersonation due to the insufficient validation of SAML...

9.3CVSS6.9AI score0.0056EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/02/18 12:0 a.m.5 views

AspNetCore Remote Authenticator for CIE3.0 授权问题漏洞

AspNetCore Remote Authenticator for CIE3.0 is an open source AspNetCore Remote Authenticator for CIE 3.0 by Developers Italia. An authorization issue vulnerability exists in AspNetCore Remote Authenticator for CIE3.0 that stems from not properly verifying the signature of a SAML response. An...

9.1CVSS8.7AI score0.0056EPSS
Exploits0References2
OSV
OSV
added 2024/09/19 6:30 p.m.2 views

GHSA-4XX7-2CX3-X473 Duplicate Advisory: Keycloak SAML signature validation flaw

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xgfv-xpx8-qhcr. This link is maintained to preserve external references. Original Description A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method...

7.7CVSS6.9AI score0.0203EPSS
Exploits0References17
ATTACKERKB
ATTACKERKB
added 2024/09/19 4:15 p.m.6 views

CVE-2024-8698

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...

7.7CVSS6.1AI score0.0203EPSS
Exploits0References17
NVD
NVD
added 2024/09/19 4:15 p.m.46 views

CVE-2024-8698

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...

7.7CVSS0.0203EPSS
Exploits0References14
CVE
CVE
added 2024/09/19 3:48 p.m.186 views

CVE-2024-8698

CVE-2024-8698 affects Keycloak’s SAML signature validation in the XMLSignatureUtil class. The vulnerability stems from misclassifying a signature as applying to the full document versus only to specific assertions based on signature position, not the referenced element, enabling crafted SAML resp...

7.7CVSS7.3AI score0.0203EPSS
Exploits0References14
RedhatCVE
RedhatCVE
added 2024/09/19 3:45 p.m.24 views

CVE-2024-8698

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...

7.7CVSS6.8AI score0.0203EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/09/19 12:0 a.m.6 views

Red Hat Keycloak 数据伪造问题漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A Data Forgery Issue vulnerability exists in Red Hat Keycloak versions prior to 25.0.6, which stems from a flaw in the SAML signature validatio...

7.7CVSS4.3AI score0.0203EPSS
Exploits0References14
Rows per page
Query Builder