108 matches found
Astra Linux - vulnerability in xmltooling
Shibboleth XMLTooling before version 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allowed SSRF through a specially crafted KeyInfo element. This issue has been fixed, for example, in Shibboleth Service Provider 3.4.1.3 on Windows...
CVE-2021-28963
Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters...
CVE-2021-31826
Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable for a daemon crash on systems not using this feature if a crafted cookie is supplied...
EUVD-2015-2775
Malware in sbrugna...
EUVD-2021-18701
Malware in sbrugna...
EUVD-2017-8026
Malware in sbrugna...
EUVD-2021-15612
Malware in sbrugna...
EUVD-2019-8823
Malware in sbrugna...
EUVD-2022-2804
Malicious code in bioql PyPI...
EUVD-2025-27518
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-9943
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An SQL injection vulnerability has been identified in the ID attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is...
[SECURITY] [DLA 4300-1] shibboleth-sp security update
Debian LTS Advisory DLA-4300-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès September 14, 2025 https://wiki.debian.org/LTS -...
Debian dla-4300 : libapache2-mod-shib - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4300 advisory. - Debian LTS Advisory DLA-4300-1 [email protected] https://www.debian.org/lts/security/...
DLA-4300-1 shibboleth-sp - security update
Bulletin has no description...
CVE-2025-9943
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
SUSE CVE-2025-9943
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
CVE-2025-9943
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
DEBIAN-CVE-2025-9943
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
UBUNTU-CVE-2025-9943
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
CVE-2025-9943 Unauthenticated SQL Injection Vulnerability in Shibboleth Service Provider
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...