718 matches found
EUVD-2025-25343
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-9943
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An SQL injection vulnerability has been identified in the ID attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is...
[SECURITY] [DLA 4300-1] shibboleth-sp security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4300-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès September 14, 2025 https://wiki.debian.org/LTS -...
Debian dla-4300 : libapache2-mod-shib - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4300 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4300-1 [email protected] https://www.debian.org/lts/security/...
DLA-4300-1 shibboleth-sp - security update
Bulletin has no description...
CVE-2025-9943
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
SUSE CVE-2025-9943
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
CVE-2025-9943
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
DEBIAN-CVE-2025-9943
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
UBUNTU-CVE-2025-9943
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
CVE-2025-9943 Unauthenticated SQL Injection Vulnerability in Shibboleth Service Provider
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
CVE-2025-9943 Unauthenticated SQL Injection Vulnerability in Shibboleth Service Provider
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
CVE-2025-9943
CVE-2025-9943 describes an SQL injection in the Shibboleth Service Provider (SP) when the replay cache uses an SQL store via the ODBC plugin. The root cause is insufficient escaping of single quotes in the class SQLString (odbc-store.cpp, lines 253–271), allowing a blind SQL injection by an unaut...
PT-2025-37025
Name of the Vulnerable Software and Affected Versions: Shibboleth Service Provider versions through 3.5.0 Description: An SQL injection vulnerability exists in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database ...
Shibboleth Service Provider 安全漏洞
Shibboleth Service Provider is a single sign-on framework from Shibboleth UK. A security vulnerability exists in Shibboleth Service Provider 3.5.0 and earlier versions, which stems from a SQL injection in the ID attribute of a SAML response, which could lead to the disclosure of database...
[SECURITY] [DSA 5994-1] shibboleth-sp security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5994-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 07, 2025 https://www.debian.org/security/faq -...
DSA-5994-1 shibboleth-sp - security update
Bulletin has no description...
Debian dsa-5994 : libapache2-mod-shib - security update
The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-5994 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5994-1 [email protected] https://www.debian.org/security/...
FreeBSD : Shibboleth Service Provider -- SQL injection vulnerability in ODBC plugin (9f9b0b37-88fa-11f0-90a2-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9f9b0b37-88fa-11f0-90a2-6cc21735f730 advisory. Internet2 reports: The Shibboleth Service Provider includes a storage API usable for a number of...
Linux Distros Unpatched Vulnerability : CVE-2019-19191
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Shibboleth Service Provider SP 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user the shibd account...