Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2011-1393

Malware in sbrugna...

4.3CVSS6.4AI score0.01249EPSS
Exploits0References6
Snyk
Snyk
added 2025/02/18 7:25 p.m.3 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to improper validation of SAML response signatures which allows an attacker to inject a malicious, signed XML element as the first signature, bypassing proper verification and enabling impersonation of any SPID or...

9.3CVSS7AI score0.0056EPSS
Exploits0References2
CVE
CVE
added 2024/09/19 3:48 p.m.188 views

CVE-2024-8698

CVE-2024-8698 affects Keycloak’s SAML signature validation in the XMLSignatureUtil class. The vulnerability stems from misclassifying a signature as applying to the full document versus only to specific assertions based on signature position, not the referenced element, enabling crafted SAML resp...

7.7CVSS7.3AI score0.0203EPSS
Exploits0References14
Veracode
Veracode
added 2023/06/27 1:41 p.m.16 views

Authentication Bypass

passport-wsfed-saml2 is vulnerable to Authentication Bypass. The vulnerability exists because the SAML signature validation in saml.js does not ensure that the Signature tag is in the proper location inside the Assertion tag, which allows an attacker to bypass permission checks and gain access to...

6.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/06/21 12:0 a.m.7 views

PT-2023-32981 · Unknown · Passport-Wsfed-Saml2

Name of the Vulnerable Software and Affected Versions: passport-wsfed-saml2 versions prior to 3.0.10 Description: A vulnerability was found in the validation of a SAML signature, where the validation doesn't ensure that the Signature tag is at the proper location inside an Assertion tag. This lea...

6.9AI score
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:55 a.m.5 views

SUSE CVE-2016-9814

The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service memory consumption by leveraging...

9.1CVSS7.1AI score0.02424EPSS
Exploits0References3
Mageia
Mageia
added 2022/12/30 10:39 p.m.64 views

Updated sogo packages fix security vulnerability

Missing SAML signature validation in the SOGo groupware could result in impersonation attacks. CVE-2021-33054...

7.5CVSS3.9AI score0.00987EPSS
Exploits0References3
OSV
OSV
added 2022/12/30 10:39 p.m.4 views

MGASA-2022-0481 Updated sogo packages fix security vulnerability

Missing SAML signature validation in the SOGo groupware could result in impersonation attacks. CVE-2021-33054...

7.5CVSS7.4AI score0.00987EPSS
Exploits0References4
OSV
OSV
added 2021/06/04 3:15 p.m.4 views

DEBIAN-CVE-2021-33054

SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deployment could impersonate users when SAML is the authentication method. Only versions after 2.0.5a are affected...

7.5CVSS7.3AI score0.00987EPSS
Exploits0References1
Rows per page
Query Builder