576 matches found
DEBIAN-CVE-2019-3465
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...
CVE-2019-3465
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...
Input validation
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...
CVE-2019-3465
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...
CVE-2019-3465
CVE-2019-3465 affects Rob Richards XmlSecLibs (all versions before 3.0.3) used by SimpleSAMLphp, where XML signature validation is incorrect. An authenticated attacker can impersonate others or elevate privileges via crafted XML messages. The issue is mitigated by upgrading XmlSecLibs to v3.0.3 o...
CVE-2019-3465
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...
CVE-2019-3465
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...
Debian DSA-4560-1 : simplesamlphp - security update
It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
Debian DLA-1983-1 : simplesamlphp security update
It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages. For Debian 8 'Jessie', this problem has been fixed in version 1.13.1-2+deb8u3. We recommend that you upgrade your simplesamlphp packages...
Debian: Security Advisory (DSA-4560-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-1983-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SimpleSAMLphp Input Validation Error Vulnerability
SimpleSAMLphp is a set of PHP authentication applications that implement the SAML 2.0 service provider and identity provider features . A security vulnerability exists in SimpleSAMLphp that stems from the program's failure to properly validate cryptographic signatures in XML files. An attacker ca...
CVE-2011-4625
simplesamlphp before 1.6.3 squeeze and before 1.8.2 sid incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages...
DEBIAN-CVE-2011-4625
simplesamlphp before 1.6.3 squeeze and before 1.8.2 sid incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages...
CVE-2011-4625
simplesamlphp before 1.6.3 squeeze and before 1.8.2 sid incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages...
Code injection
simplesamlphp before 1.6.3 squeeze and before 1.8.2 sid incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages...
CVE-2011-4625
simplesamlphp before 1.6.3 squeeze and before 1.8.2 sid incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages...
CVE-2011-4625
simplesamlphp before 1.6.3 squeeze and before 1.8.2 sid incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages...
CVE-2011-4625
simplesamlphp before 1.6.3 squeeze and before 1.8.2 sid incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages...
CVE-2011-4625
The CVE-2011-4625 entry concerns simplesamlphp and its XML encryption handling. In affected versions (before 1.6.3 for squeeze and before 1.8.2 for sid), the software allegedly mishandles XML encryption, which could allow remote attackers to decrypt or forge messages. The connected documents conf...