216 matches found

RedhatCVE · added 2025/02/20 7:19 p.m.

CVE-2025-24894

SPID.AspNetCore.Authentication is an ASP.NET Core remote authenticator for SPID. Authentication using SPID and CIE is based on the SAML2 standard, which provides two entities: the Identity Provider (IdP), the system that authenticates users and provides identity information (a SAML assertion) to the Service...

CVSS 9.1 · AI score 6.8 · EPSS 0.0056
Exploits 0 · References 1
NVD · added 2025/02/18 7:15 p.m.

CVE-2025-24894

SPID.AspNetCore.Authentication is an ASP.NET Core remote authenticator for SPID. Authentication using SPID and CIE is based on the SAML2 standard, which provides two entities: the Identity Provider (IdP), the system that authenticates users and provides identity information (a SAML assertion) to the Service...

CVSS 9.1 · EPSS 0.0056
Exploits 0 · References 1
RedhatCVE · added 2025/02/05 6:17 p.m.

CVE-2017-11429

Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attacker to potentially bypass authentication to...

CVSS 9.8 · AI score 6.9 · EPSS 0.02422
Exploits 1 · References 1
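The entry above describes a mismatch between what a DOM traversal reads and what canonicalization signs. The following is an added example, not code from saml2-js or any other library on this page, showing the mechanism that class of bug relies on: an XML comment inserted into a signed NameID is removed by canonicalization (so the signature digest is unchanged), while a reader that takes only the first text node of the element sees a shortened value. All XML, the account names and the function names are constructed for illustration.

```python
"""Added example, not code from saml2-js or any SAML library on this page."""
import xml.etree.ElementTree as ET
from xml.dom import minidom
from xml.dom.minidom import Node

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed: the assertion the IdP signed for the attacker's own account,
# whose name was chosen so that a cut after "victim@example.com" is useful.
SIGNED = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    "<saml:Subject><saml:NameID>victim@example.com.evil.com</saml:NameID>"
    "</saml:Subject></saml:Assertion>"
)
# Constructed: the same document after the attacker inserts an empty comment.
TAMPERED = SIGNED.replace(
    "victim@example.com.evil.com", "victim@example.com<!---->.evil.com"
)


def c14n(xml_text: str) -> str:
    """Canonical XML without comments, the form a signature digest is computed
    over. ET.canonicalize is part of the Python standard library (3.8+)."""
    return ET.canonicalize(xml_text, with_comments=False)


def nameid_element(xml_text: str) -> minidom.Element:
    doc = minidom.parseString(xml_text)
    return doc.getElementsByTagNameNS(SAML_NS, "NameID")[0]


def naive_nameid(xml_text: str) -> str:
    """Fragile extraction: the first text node is assumed to be the whole value."""
    return nameid_element(xml_text).firstChild.nodeValue


def strict_nameid(xml_text: str) -> str:
    """Hardened extraction: every child of NameID must be a text node, and all
    of them are concatenated, so the result is the value that was signed."""
    parts = []
    for child in nameid_element(xml_text).childNodes:
        if child.nodeType != Node.TEXT_NODE:
            raise ValueError(f"unexpected {child.nodeName} node inside NameID")
        parts.append(child.data)
    value = "".join(parts)
    if not value:
        raise ValueError("empty NameID")
    return value


if __name__ == "__main__":
    print("signed bytes unchanged by tampering:", c14n(SIGNED) == c14n(TAMPERED))
    print("naive reader sees:  ", naive_nameid(TAMPERED))
    print("strict reader sees: ", strict_nameid(SIGNED))
    try:
        strict_nameid(TAMPERED)
    except ValueError as exc:
        print("strict reader rejects tampered input:", exc)
```

The canonical forms of the two documents are byte-identical, which is why a signature computed over the original still verifies on the tampered one; the only defence is to make the consumer read the same value the canonicalizer does, or to refuse any non-text node inside elements whose text carries an identity.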
RedhatCVE · added 2025/02/05 3:37 p.m.

CVE-2020-5261

Saml2 Authentication services for ASP.NET NuGet package Sustainsys.Saml2 greater than 2.0.0, and less than version 2.5.0, has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patche...

CVSS 8.2 · AI score 6.7 · EPSS 0.01204
Exploits 0
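The entry above says the replay detection was faulty without saying how. As an added example (not Sustainsys.Saml2 code), the following shows the property a token replay check must provide: each accepted assertion is identified by its ID and remembered at least until its NotOnOrAfter instant plus the allowed clock skew, so presenting the same signed assertion again is refused for as long as it could still be accepted. The assertion XML, IDs, timestamps and class names are constructed.

```python
"""Added example, not Sustainsys.Saml2 code: a minimal token replay cache."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from typing import Optional

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


class ReplayError(Exception):
    """Assertion was already consumed, is expired, or carries no usable ID."""


def parse_saml_instant(value: str) -> datetime:
    # SAML uses xs:dateTime in UTC, e.g. 2024-01-01T12:05:00Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def replay_key(assertion: ET.Element) -> tuple:
    """Return (ID, NotOnOrAfter) from a saml:Assertion element."""
    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None or conditions.get("NotOnOrAfter") is None:
        raise ReplayError("assertion has no Conditions/@NotOnOrAfter")
    return assertion.get("ID", ""), parse_saml_instant(conditions.get("NotOnOrAfter"))


class ReplayCache:
    """In-memory store of consumed assertion IDs. In a multi-node deployment
    every node that accepts responses must share the same store."""

    def __init__(self, clock_skew: timedelta = timedelta(minutes=3)):
        self._seen: dict = {}  # assertion ID -> instant after which to forget it
        self._skew = clock_skew

    def __len__(self) -> int:
        return len(self._seen)

    def _purge(self, now: datetime) -> None:
        for assertion_id in [i for i, exp in self._seen.items() if exp <= now]:
            del self._seen[assertion_id]

    def accept(self, assertion: ET.Element, now: Optional[datetime] = None) -> str:
        """Consume an assertion exactly once; raise ReplayError otherwise."""
        now = now or datetime.now(timezone.utc)
        assertion_id, not_on_or_after = replay_key(assertion)
        if not assertion_id:
            raise ReplayError("assertion has no ID, replay cannot be detected")
        if not_on_or_after + self._skew <= now:
            raise ReplayError("assertion is past NotOnOrAfter")
        self._purge(now)
        if assertion_id in self._seen:
            raise ReplayError(f"assertion {assertion_id} was already used")
        # Keep the ID exactly as long as the assertion could still be accepted.
        self._seen[assertion_id] = not_on_or_after + self._skew
        return assertion_id


def make_assertion(assertion_id: str, not_on_or_after: str) -> ET.Element:
    """Constructed test data: an unsigned assertion with only the fields used here."""
    return ET.fromstring(
        f'<saml:Assertion xmlns:saml="{NS["saml"]}" ID="{assertion_id}" Version="2.0">'
        f'<saml:Conditions NotOnOrAfter="{not_on_or_after}"/></saml:Assertion>'
    )


T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    cache = ReplayCache()
    a1 = make_assertion("_a1", "2024-01-01T12:05:00Z")
    print("first use accepted:", cache.accept(a1, now=T0))
    try:
        cache.accept(a1, now=T0 + timedelta(seconds=30))
    except ReplayError as exc:
        print("replay refused:", exc)
```

Two details matter in practice: the ID must be kept until NotOnOrAfter plus skew, not for a fixed short window, and an assertion without an ID or without NotOnOrAfter must be rejected rather than waved through, because neither bound can be enforced for it.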
RedhatCVE · added 2025/02/05 12:21 p.m.

CVE-2024-52806

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...

CVSS 8.3 · AI score 6.6 · EPSS 0.00414
Exploits 0 · References 1
Github Security Blog · added 2024/12/02 5:25 p.m.

SimpleSAMLphp SAML2 has an XXE in parsing SAML messages

Summary: When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. $options is defined as: https://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.php#L41 including the DTDLoad option, which allows...

CVSS 8.3 · AI score 8 · EPSS 0.00414
Exploits 0 · References 4 · Affected software 2
OSV · added 2024/12/02 5:25 p.m.

GHSA-PXM4-R5PH-Q2M2 SimpleSAMLphp SAML2 has an XXE in parsing SAML messages

Summary: When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. $options is defined as: https://github.com/simplesamlphp/saml2/blob/717c0adc4877ebd58428637e5626345e59fa0109/src/SAML2/DOMDocumentFactory.php#L41 including the DTDLoad option, which allows...

CVSS 8.3 · AI score 8 · EPSS 0.00414
Exploits 0 · References 4
NVD · added 2024/12/02 5:15 p.m.

CVE-2024-52806

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...

CVSS 8.3 · EPSS 0.00414
Exploits 0 · References 2
Snyk · added 2024/12/02 4:42 p.m.

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection due to improper sanitization of the XML body in the fromString function. Workaround: Remove the LIBXML_DTDLOAD | LIBXML_DTDATTR options from $options. Details: XXE Injection is a type of attack against an...

CVSS 8.8 · AI score 7.5 · EPSS 0.00414
Exploits 0 · References 2
CVE · added 2024/12/02 4:18 p.m.

CVE-2024-52806

SimpleSAMLphp SAML2 library is affected by an XXE when loading an untrusted XML document (e.g., SAMLResponse). The issue is tied to parsing XML in the library, and the vulnerability is fixed in versions 4.6.14 and 5.0.0-alpha.18. Affected component: SimpleSAMLphp SAML2; root cause: XXE during XML...

CVSS 8.3 · AI score 8.2 · EPSS 0.00414
Exploits 0 · References 2
Cvelist · added 2024/12/02 4:18 p.m.

CVE-2024-52806 SimpleSAMLphp SAML2 has an XXE in parsing SAML messages

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...

CVSS 8.3 · EPSS 0.00414
Exploits 0 · References 2
OSV · added 2024/12/02 4:18 p.m.

CVE-2024-52806 SimpleSAMLphp SAML2 has an XXE in parsing SAML messages

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...

CVSS 8.3 · AI score 6.5 · EPSS 0.00414
Exploits 0 · References 4
Vulnrichment · added 2024/12/02 4:18 p.m.

CVE-2024-52806 SimpleSAMLphp SAML2 has an XXE in parsing SAML messages

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...

CVSS 8.3 · AI score 6.8 · EPSS 0.00414
Exploits 0 · References 2
Debian CVE · added 2024/12/02 4:18 p.m.

CVE-2024-52806

SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an untrusted XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18...

CVSS 8.3 · AI score 5.3 · EPSS 0.00414
Exploits 0
Positive Technologies · added 2024/12/02 12:00 a.m.

PT-2024-35456 · Unknown · Simplesamlphp Saml2 Library

Name of the vulnerable software and affected versions: SimpleSAMLphp SAML2 library versions prior to 4.6.14; SimpleSAMLphp SAML2 library versions prior to 5.0.0-alpha.18. Description: The SimpleSAMLphp SAML2 library is vulnerable to an XML External Entity (XXE) attack when loading untrusted XML...

CVSS 8.8 · AI score 7.6 · EPSS 0.00985
Exploits 0 · References 22
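The CVE-2024-52806 entries above all come down to one thing: the SAMLResponse was parsed with DTD loading enabled, and the Snyk entry's workaround is to drop the LIBXML_DTDLOAD option. As an added example (not code from SimpleSAMLphp or its saml2 library), the following is the library-independent form of that fix: a SAML message never legitimately carries a DOCTYPE, so a service provider can refuse any document that declares one before the real XML parser sees it. The XML documents, the entity names and the function names are constructed.

```python
"""Added example, not SimpleSAMLphp code: refuse DTDs in inbound SAML XML."""
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat


class DTDNotAllowed(ValueError):
    """Inbound XML declares a DOCTYPE or an entity."""


def reject_dtd(xml_bytes: bytes) -> None:
    """Stream the bytes through expat and abort at the first DOCTYPE or ENTITY
    declaration, i.e. before any entity could be expanded or fetched."""
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DTDNotAllowed(f"DOCTYPE {name!r} is not allowed in a SAML message")

    def on_entity(name, is_param, value, base, sysid, pubid, notation):
        raise DTDNotAllowed(f"entity declaration {name!r} is not allowed")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(xml_bytes, True)


def parse_saml_response(xml_bytes: bytes) -> ET.Element:
    """Parse a SAMLResponse only after the DTD check has passed."""
    reject_dtd(xml_bytes)
    return ET.fromstring(xml_bytes)


def issuer_of(response: ET.Element) -> str:
    el = response.find("{urn:oasis:names:tc:SAML:2.0:assertion}Issuer")
    return (el.text or "").strip() if el is not None else ""


# Constructed: a minimal benign response.
BENIGN = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>https://idp.example.org/metadata</saml:Issuer>
</samlp:Response>"""

# Constructed: the same response carrying an external entity that a parser
# with DTD loading enabled would try to read from the local filesystem.
XXE = b"""<?xml version="1.0"?>
<!DOCTYPE samlp:Response [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>&xxe;</saml:Issuer>
</samlp:Response>"""

# Constructed: no external reference at all, only an internal entity chain that
# a DTD-expanding parser would inflate in memory (entity expansion attack).
EXPANSION = b"""<!DOCTYPE r [
  <!ENTITY a "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa">
  <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
]><r>&c;</r>"""

if __name__ == "__main__":
    print("benign issuer:", issuer_of(parse_saml_response(BENIGN)))
    for label, doc in (("external entity", XXE), ("entity expansion", EXPANSION)):
        try:
            parse_saml_response(doc)
        except DTDNotAllowed as exc:
            print(f"{label} rejected: {exc}")
```

Rejecting at the DOCTYPE declaration covers both the file-read and the expansion variants, and it does so regardless of which parser options the downstream library happens to set, which is why it is a better gate than auditing every `loadXML` call.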
OSV · added 2024/08/12 1:38 p.m.

CVE-2024-42167

The function generate_app_certificates in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS command properly. This allows an authenticated user with permissions to create applications to execute commands by creating an application with a malicio...

CVSS 7.2 · AI score 7.2
Exploits 0 · References 1
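The Keyrock entry above is an OS command injection through an application attribute that reaches a command line. The following is an added example, not FIWARE Keyrock code, showing the class in the vulnerable and the hardened form; the real certificate-generation tool is replaced by `echo` so the example runs anywhere with /bin/sh, and the application names, regular expression and function names are constructed.

```python
"""Added example, not FIWARE Keyrock code: OS command injection via a name."""
import re
import subprocess

# Allowlist for a name that will end up on a command line or in a filename.
APP_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._-]{0,63}")


def vulnerable_generate(app_name: str) -> str:
    """String concatenation plus shell=True: the name is parsed as shell syntax,
    so ';', '|', '$(...)' and friends in it become additional commands."""
    result = subprocess.run(
        "echo " + app_name, shell=True, capture_output=True, text=True
    )
    return result.stdout


def argv_generate(app_name: str) -> str:
    """No shell: the name is exactly one argv element, whatever it contains."""
    result = subprocess.run(
        ["echo", app_name], capture_output=True, text=True, check=True
    )
    return result.stdout


def safe_generate(app_name: str) -> str:
    """Allowlist validation plus argv; the name can only ever be data, and it is
    also safe to reuse in a certificate subject or an output filename."""
    if not APP_NAME_RE.fullmatch(app_name):
        raise ValueError("application name contains disallowed characters")
    return argv_generate(app_name)


INJECTED_NAME = "myapp; echo INJECTED"  # constructed attacker-controlled input

if __name__ == "__main__":
    print("shell string:", repr(vulnerable_generate(INJECTED_NAME)))
    print("argv only:   ", repr(argv_generate(INJECTED_NAME)))
    try:
        safe_generate(INJECTED_NAME)
    except ValueError as exc:
        print("allowlist:   ", exc)
```

Passing an argv list removes the shell from the path entirely; the allowlist is still worth having because the same name typically also lands in places where argv does not help, such as a `-subj` value or a path on disk.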
Veracode · added 2023/11/29 12:57 p.m.

Improper Signature Validation

simplesamlphp/xml-security and simplesamlphp/saml2 are vulnerable to Improper Signature Validation. The vulnerability is due to a lack of proper signature validation in the validateReference method. This could lead to the forging of digital signatures...

CVSS 7.5 · AI score 7 · EPSS 0.00193
Exploits 1 · References 3 · Affected software 2
SUSE CVE · added 2023/10/31 2:44 a.m.

SUSE CVE-2016-8638

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows an attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active...

CVSS 9.1 · AI score 6.9 · EPSS 0.02119
Exploits 0 · References 2
Veracode · added 2023/09/21 11:34 a.m.

Authentication Bypass

Sustainsys.Saml2 is vulnerable to Authentication Bypass. The vulnerability is caused by a missing validation check between the issuer of the Saml2 assertion in a Saml2 response and the issuer identified in the stored request state. This allows a malicious identity provider to craft a Saml2 response...

CVSS 7.5 · AI score 6.6 · EPSS 0.00601
Exploits 0 · References 5 · Affected software 1
Github Security Blog · added 2023/09/20 11:01 p.m.

Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation

Impact: When a response is processed, the issuer of the Identity Provider is not sufficiently validated. This could allow a malicious identity provider to craft a Saml2 response that is processed as if issued by another identity provider. It is also possible for a malicious end user to cause store...

CVSS 7.5 · AI score 6.6 · EPSS 0.00601
Exploits 0 · References 5 · Affected software 2
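The two Sustainsys.Saml2 entries above describe the same gap: the Issuer of an inbound response was not checked against the identity provider the authentication request was actually sent to. As an added example (not Sustainsys.Saml2 code), the following shows that binding: the service provider records, per outgoing AuthnRequest ID, which IdP the request went to, and a response is accepted only if its InResponseTo names a pending request and its Issuer equals the entity ID recorded for it. Entity IDs, request IDs, XML and class names are constructed; signature verification is out of scope here and is discussed below.

```python
"""Added example, not Sustainsys.Saml2 code: bind a response to the IdP asked."""
import xml.etree.ElementTree as ET
from typing import Dict, Optional

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
ENTITY_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"


class IssuerValidationError(Exception):
    pass


class RequestStateStore:
    """Pending AuthnRequests: request ID -> entity ID of the IdP it was sent to.
    Entries are single-use so one response cannot be replayed against the same
    stored state."""

    def __init__(self) -> None:
        self._pending: Dict[str, str] = {}

    def remember(self, request_id: str, idp_entity_id: str) -> None:
        self._pending[request_id] = idp_entity_id

    def consume(self, request_id: str) -> Optional[str]:
        return self._pending.pop(request_id, None)


def issuer_text(element: ET.Element) -> str:
    """Issuer of a Response or Assertion; must be an entity ID if Format is set."""
    issuer = element.find("saml:Issuer", NS)
    if issuer is None or not (issuer.text or "").strip():
        raise IssuerValidationError(f"{element.tag} has no Issuer")
    fmt = issuer.get("Format")
    if fmt is not None and fmt != ENTITY_FORMAT:
        raise IssuerValidationError(f"Issuer Format {fmt!r} is not an entity ID")
    return issuer.text.strip()


def validate_response_issuer(response_xml: str, store: RequestStateStore) -> str:
    """Return the IdP entity ID the response is bound to, or raise."""
    root = ET.fromstring(response_xml)
    in_response_to = root.get("InResponseTo")
    if not in_response_to:
        raise IssuerValidationError("unsolicited responses are not accepted here")
    expected = store.consume(in_response_to)
    if expected is None:
        raise IssuerValidationError(f"no pending request with ID {in_response_to!r}")
    issuer = issuer_text(root)
    if issuer != expected:
        raise IssuerValidationError(
            f"response issued by {issuer!r} but request was sent to {expected!r}"
        )
    # Every assertion must come from the same IdP as the response.
    for assertion in root.findall("saml:Assertion", NS):
        if issuer_text(assertion) != expected:
            raise IssuerValidationError("assertion issuer differs from response issuer")
    return issuer


def make_response(in_response_to: str, issuer: str) -> str:
    """Constructed minimal response: unsigned, only the fields used here."""
    return (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'ID="_resp" Version="2.0" InResponseTo="{in_response_to}">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        f'<saml:Assertion ID="_a" Version="2.0"><saml:Issuer>{issuer}</saml:Issuer>'
        f"</saml:Assertion></samlp:Response>"
    )


IDP_A = "https://idp-a.example.org/metadata"
IDP_B = "https://idp-b.example.org/metadata"

if __name__ == "__main__":
    store = RequestStateStore()
    store.remember("_req1", IDP_A)
    print("bound to:", validate_response_issuer(make_response("_req1", IDP_A), store))
    store.remember("_req2", IDP_A)
    try:
        validate_response_issuer(make_response("_req2", IDP_B), store)
    except IssuerValidationError as exc:
        print("rejected:", exc)
```

The entity ID returned here is what should select the signing certificate used to verify the response; checking Issuer equality without then verifying the signature against that specific IdP's key would let any party that can write an Issuer element claim to be that IdP. IdP-initiated (unsolicited) responses have no stored request state and need a separate rule; this example simply refuses them.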