Lucene search
K

718 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.25 views

EUVD-2025-25343

Malicious code in bioql PyPI...

8.1CVSS6.3AI score0.00239EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/09/15 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-9943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An SQL injection vulnerability has been identified in the ID attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is...

9.1CVSS6AI score0.00368EPSS
Exploits0References2
Debian
Debian
added 2025/09/14 8:55 p.m.5 views

[SECURITY] [DLA 4300-1] shibboleth-sp security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4300-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès September 14, 2025 https://wiki.debian.org/LTS -...

9.1CVSS7.4AI score0.00368EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/14 12:0 a.m.3 views

Debian dla-4300 : libapache2-mod-shib - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4300 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4300-1 [email protected] https://www.debian.org/lts/security/...

9.1CVSS5.7AI score0.00368EPSS
Exploits0References4
OSV
OSV
added 2025/09/14 12:0 a.m.6 views

DLA-4300-1 shibboleth-sp - security update

Bulletin has no description...

9.1CVSS7AI score0.00368EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/09/12 7:11 a.m.4 views

CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

9.1CVSS8.2AI score0.00368EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/09/10 11:27 p.m.3 views

SUSE CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

7.3CVSS7.9AI score0.00368EPSS
Exploits0References3
OSV
OSV
added 2025/09/10 7:15 a.m.5 views

CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

8.3AI score
Exploits0References3
OSV
OSV
added 2025/09/10 7:15 a.m.2 views

DEBIAN-CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

9.1CVSS6AI score0.00368EPSS
Exploits0References1
OSV
OSV
added 2025/09/10 7:15 a.m.2 views

UBUNTU-CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

9.1CVSS6AI score0.00368EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/09/10 6:45 a.m.10 views

CVE-2025-9943 Unauthenticated SQL Injection Vulnerability in Shibboleth Service Provider

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

0.00368EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/10 6:45 a.m.1 views

CVE-2025-9943 Unauthenticated SQL Injection Vulnerability in Shibboleth Service Provider

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

7.5AI score0.00368EPSS
Exploits0References3
CVE
CVE
added 2025/09/10 6:45 a.m.26 views

CVE-2025-9943

CVE-2025-9943 describes an SQL injection in the Shibboleth Service Provider (SP) when the replay cache uses an SQL store via the ODBC plugin. The root cause is insufficient escaping of single quotes in the class SQLString (odbc-store.cpp, lines 253–271), allowing a blind SQL injection by an unaut...

9.1CVSS7.6AI score0.00368EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.3 views

PT-2025-37025

Name of the Vulnerable Software and Affected Versions: Shibboleth Service Provider versions through 3.5.0 Description: An SQL injection vulnerability exists in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database ...

9.1CVSS7.6AI score0.00368EPSS
Exploits0References12
CNNVD
CNNVD
added 2025/09/10 12:0 a.m.4 views

Shibboleth Service Provider 安全漏洞

Shibboleth Service Provider is a single sign-on framework from Shibboleth UK. A security vulnerability exists in Shibboleth Service Provider 3.5.0 and earlier versions, which stems from a SQL injection in the ID attribute of a SAML response, which could lead to the disclosure of database...

9.1CVSS7.1AI score0.00368EPSS
Exploits0References3
Debian
Debian
added 2025/09/07 2:18 p.m.4 views

[SECURITY] [DSA 5994-1] shibboleth-sp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5994-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 07, 2025 https://www.debian.org/security/faq -...

7.5AI score
Exploits0
OSV
OSV
added 2025/09/07 12:0 a.m.1 views

DSA-5994-1 shibboleth-sp - security update

Bulletin has no description...

9.1CVSS7AI score0.00368EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/07 12:0 a.m.2 views

Debian dsa-5994 : libapache2-mod-shib - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-5994 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5994-1 [email protected] https://www.debian.org/security/...

5.9AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/05 12:0 a.m.2 views

FreeBSD : Shibboleth Service Provider -- SQL injection vulnerability in ODBC plugin (9f9b0b37-88fa-11f0-90a2-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9f9b0b37-88fa-11f0-90a2-6cc21735f730 advisory. Internet2 reports: The Shibboleth Service Provider includes a storage API usable for a number of...

6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-19191

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Shibboleth Service Provider SP 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user the shibd account...

7.8CVSS7.4AI score0.0048EPSS
Exploits1References2
Rows per page
Query Builder