50 matches found
EUVD-2024-47149
Malicious code in bioql PyPI...
EUVD-2021-8748
Malicious code in bioql PyPI...
CVE-2019-1006
An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'...
CVE-2024-5249
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed...
CVE-2024-5249 SAML Replay in Akana
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed...
Ubuntu: Security Advisory (USN-6463-2)
The remote host is missing an update for the...
USN-6463-2: Open VM Tools vulnerabilities
USN-6463-1 fixed vulnerabilities in Open VM Tools. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker with Guest Operations privileges could...
USN-6463-1: Open VM Tools vulnerabilities
It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker with Guest Operations privileges could possibly use this issue to escalate privileges. (CVE-2023-34058) Matthias Gerstner discovered that Open VM Tools incorrectly handled file descriptors when dropping privileges. A...
Ubuntu: Security Advisory (USN-6365-2)
The remote host is missing an update for the...
USN-6365-2: Open VM Tools vulnerability
USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SA...
USN-6365-2 open-vm-tools vulnerability
USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SA...
USN-6365-1: Open VM Tools vulnerability
It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations...
USN-6365-1 open-vm-tools vulnerability
It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations...
Improper Input Validation in Apache CXF
The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token...
GHSA-38X2-FP9M-87MX Improper Input Validation in Apache CXF
The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token...
Mageia: Security Advisory (MGASA-2014-0557)
The remote host is missing an update for the...
SAP HANA Database Signature Validation Improperity Vulnerability
SAP HANA is a high-performance real-time data analytics platform from Germany's SAP that lets users query and analyze real-time business data. An improper signature validation vulnerability exists in SAP HANA Database versions 1.0 and 2.0. The vulnerability stems from the program...
CVE-2021-21474
SAP HANA Database, versions 1.0 and 2.0, accepts SAML tokens with an MD5 digest. An attacker who manages to obtain an MD5-digest signed SAML Assertion issued for an SAP HANA instance might be able to tamper with it and alter it in a way that the digest continues to be the same and without invalidatin...