Lucene search
K

3772 matches found

Cvelist
Cvelist
added 2012/01/04 2:0 a.m.22 views

CVE-2011-1386

IBM Tivoli Federated Identity Manager TFIM and Tivoli Federated Identity Manager Business Gateway TFIMBG 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization...

6.8AI score0.01249EPSS
Exploits0References5
CVE
CVE
added 2012/01/04 2:0 a.m.49 views

CVE-2011-1386

The CVE concerns IBM Tivoli Federated Identity Manager (TFIM) and TFIMBG versions 6.1.1, 6.2.0, and 6.2.1, where signature validation for SAML 1.0/1.1/2.0 is not performed correctly. This allows remote attackers to bypass authentication or authorization by submitting a non-conforming SAML signatu...

4.3CVSS7AI score0.01249EPSS
Exploits0References5Affected Software2
Fedora
Fedora
added 2011/09/26 11:23 p.m.22 views

[SECURITY] Fedora 15 Update: opensaml-2.3-4.fc15

OpenSAML is an open source implementation of the OASIS Security Assertion Markup Language Specification. It contains a set of open source C++ classes that support the SAML 1.0, 1.1, and 2.0 specifications...

5.8CVSS1.5AI score0.02291EPSS
Exploits0
NVD
NVD
added 2011/08/12 5:55 p.m.18 views

CVE-2008-7299

IBM Tivoli Federated Identity Manager TFIM 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field...

5CVSS6.3AI score0.00785EPSS
Exploits0References2
Prion
Prion
added 2011/08/12 5:55 p.m.17 views

Design/Logic Flaw

IBM Tivoli Federated Identity Manager TFIM 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field...

5CVSS6.9AI score0.00785EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2011/08/12 5:0 p.m.47 views

CVE-2008-7299

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 is vulnerable to a spoofing issue in its SAML 1.x browser-artifact handling. The root cause is an incomplete browser-artifact mechanism that enables remote OpenID providers to spoof assertions via the Issuer field, affecting TFIM versions prior t...

5CVSS6.5AI score0.00785EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2011/08/12 5:0 p.m.25 views

CVE-2008-7299

IBM Tivoli Federated Identity Manager TFIM 6.2.0 before 6.2.0.2 uses an incomplete SAML 1.x browser-artifact, which allows remote OpenID providers to spoof assertions via vectors related to the Issuer field...

6.3AI score0.00785EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2010/08/31 12:0 a.m.19 views

Fedora 13 : php-pear-CAS-1.1.2-1.fc13 (2010-12258)

Security fixes Fix a session hijacking hole CVE-2010-2795 PHPCAS-61 callbackurl in proxy mode should be urlencoded, possible XSS CVE-2010-2796 PHPCAS-67 Bug fixes Fix warnings for SAML responses without attributes PHPCAS-59 Fix duplicate SAML debug output PHPCAS-64 Providing a new ST/PT/SA during...

4CVSS5.3AI score0.02517EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2010/08/31 12:0 a.m.21 views

Fedora 12 : php-pear-CAS-1.1.2-1.fc12 (2010-12247)

Security fixes Fix a session hijacking hole CVE-2010-2795 PHPCAS-61 callbackurl in proxy mode should be urlencoded, possible XSS CVE-2010-2796 PHPCAS-67 Bug fixes Fix warnings for SAML responses without attributes PHPCAS-59 Fix duplicate SAML debug output PHPCAS-64 Providing a new ST/PT/SA during...

4CVSS5.3AI score0.02517EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2010/02/24 12:0 a.m.26 views

Debian DSA-1896-1 : opensaml, shibboleth-sp - several vulnerabilities

Several vulnerabilities have been discovered in the opensaml and shibboleth-sp packages, as used by Shibboleth 1.x : - Chris Ries discovered that decoding a crafted URL leads to a crash and potentially, arbitrary code execution. - Ian Young discovered that embedded NUL characters in certificate...

7.5CVSS5.8AI score0.01544EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2010/02/24 12:0 a.m.27 views

Debian DSA-1895-1 : xmltooling - several vulnerabilities

Several vulnerabilities have been discovered in the xmltooling packages, as used by Shibboleth : - Chris Ries discovered that decoding a crafted URL leads to a crash and potentially, arbitrary code execution. - Ian Young discovered that embedded NUL characters in certificate names were not...

7.5CVSS5.8AI score0.01544EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2009/10/19 12:0 a.m.30 views

Debian: Security Advisory (DSA-1895-2)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3CVSS6.5AI score0.04097EPSS
Exploits0References3
Debian
Debian
added 2009/10/09 6:58 p.m.10 views

[SECURITY] [DSA 1895-2] New opensaml2 and shibboleth-sp2 packages fix regression

------------------------------------------------------------------------ Debian Security Advisory DSA-1895-2 [email protected] http://www.debian.org/security/ Florian Weimer October 09, 2009 http://www.debian.org/security/faq -...

7.2AI score
Exploits0
OSV
OSV
added 2009/10/09 12:0 a.m.25 views

DSA-1895-2 opensaml2, shibboleth-sp2 - interpretation conflict

Bulletin has no description...

9.3CVSS5.5AI score0.04097EPSS
Exploits0
OpenVAS
OpenVAS
added 2009/10/06 12:0 a.m.24 views

Debian Security Advisory DSA 1896-1 (opensaml, shibboleth-sp)

The remote host is missing an update to opensaml, shibboleth-sp announced via advisory DSA 1896-1. OpenVAS Vulnerability Test $Id: deb18961.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1896-1 opensaml, shibboleth-sp Authors: Thomas Reinke Copyright:...

7.5CVSS0.1AI score0.01544EPSS
Exploits0
Debian
Debian
added 2009/09/28 5:13 a.m.14 views

[SECURITY] [DSA 1896-1] New Shibboleth 1.x packages fix potential code execution

------------------------------------------------------------------------ Debian Security Advisory DSA-1896-1 [email protected] http://www.debian.org/security/ Florian Weimer September 28, 2009 http://www.debian.org/security/faq -...

7.9AI score
Exploits0
securityvulns
securityvulns
added 2009/09/28 12:0 a.m.53 views

[SECURITY] [DSA 1896-1] New Shibboleth 1.x packages fix potential code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1896-1 [email protected] http://www.debian.org/security/ Florian Weimer September 28, 2009 http://www.debian.org/security/faq -...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2009/09/28 12:0 a.m.44 views

[SECURITY] [DSA 1895-1] New xmltooling packages fix potential code execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1895-1 [email protected] http://www.debian.org/security/ Florian Weimer September 24, 2009 http://www.debian.org/security/faq -...

0.1AI score
Exploits0
OpenVAS
OpenVAS
added 2009/09/28 12:0 a.m.24 views

Debian Security Advisory DSA 1895-1 (xmltooling)

The remote host is missing an update to xmltooling announced via advisory DSA 1895-1. OpenVAS Vulnerability Test $Id: deb18951.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1895-1 xmltooling Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

7.5CVSS0.7AI score0.01544EPSS
Exploits0
OSV
OSV
added 2009/09/28 12:0 a.m.17 views

DSA-1896-1 opensaml shibboleth-sp - potential code execution

Bulletin has no description...

9.3CVSS5.6AI score0.04097EPSS
Exploits0
Rows per page
Query Builder