10 matches found
CVE-2026-54782
CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF SAML 1.1 and SAML 2.0 token validation does not correctly resolve the issuer signing key or require signed tokens when IdentityConfiguration is used with federated binding...
EUVD-2021-0210
Malware in sbrugna...
EUVD-2024-32396
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-21238
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability...
Authentication Bypass
github.com/fleetdm/fleet is vulnerable to Authentication Bypass. The vulnerability is due to insufficient validation of SAML authentication assertions, allowing an attacker to forge responses and create unauthorized accounts if Just-In-Time JIT provisioning or MDM enrollment is enabled...
CVE-2024-3826 Broken SAML Validation
In versions of Akana in versions prior to and including 2022.1.3 validation is broken when using the SAML Single Sign-On SSO functionality...
CVE-2021-43999 Improper validation of SAML responses
Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user...
UBUNTU-CVE-2021-21238
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping...
CVE-2016-9814
The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service memory consumption by leveraging...
CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid
It was found that the SecurityTokenService STS, provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens...