Lucene search
K

193 matches found

Prion
Prion
added 2019/04/17 2:29 p.m.15 views

Authentication flaw

Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to...

7.5CVSS9.5AI score0.02381EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2019/04/17 2:29 p.m.33 views

CVE-2017-11430

OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass...

9.8CVSS8.8AI score0.02415EPSS
Exploits1References2
OSV
OSV
added 2019/04/17 2:29 p.m.26 views

CVE-2017-11427

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

9.8CVSS9.5AI score
Exploits0References2
OSV
OSV
added 2019/04/17 2:29 p.m.16 views

CVE-2017-11428

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...

9.8CVSS6.9AI score
Exploits0References2
OSV
OSV
added 2019/04/17 2:29 p.m.16 views

PYSEC-2019-198

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

9.8CVSS4.9AI score0.04636EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2019/04/17 1:59 p.m.21 views

CVE-2017-11428

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...

9.8CVSS8.7AI score0.02512EPSS
Exploits1
NVD
NVD
added 2018/07/24 3:29 p.m.8 views

CVE-2018-5387

Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service...

7.5CVSS7.6AI score0.0166EPSS
Exploits1References4
NVD
NVD
added 2017/06/15 1:29 a.m.23 views

CVE-2017-8498

Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique fro...

4.3CVSS4.5AI score0.0518EPSS
Exploits0References2
Prion
Prion
added 2017/06/15 1:29 a.m.21 views

Information disclosure

Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique fro...

4.3CVSS4.6AI score0.05253EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2017/06/13 7:0 a.m.38 views

Microsoft Edge Information Disclosure Vulnerability

An information disclosure vulnerability exists in Microsoft Edge that allows JavaScript XML DOM objects to detect installed browser extensions. To exploit the vulnerability, in a web-based attack scenario, an attacker could host a malicious website in an attempt to make a user visit it. However, ...

6.5CVSS0.5AI score0.14265EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/01/15 12:0 a.m.33 views

Ubuntu 5.04 : mozilla-firefox, mozilla vulnerabilities (USN-124-1)

When a popup is blocked the user is given the ability to open that popup through the popup-blocking status bar icon and, in Firefox, through the information bar. Doron Rosenberg noticed that popups which are permitted by the user were executed with elevated privileges, which could be abused to...

7.5CVSS6AI score0.08283EPSS
Exploits3References8
Ubuntu
Ubuntu
added 2005/08/01 5:47 p.m.62 views

USN-157-1: Mozilla Thunderbird vulnerabilities

Vladimir V. Perepelitsa discovered a bug in Thunderbird's handling of anonymous functions during regular expression string replacement. A malicious HTML email could exploit this to capture a random block of client memory. CAN-2005-0989 Georgi Guninski discovered that the types of certain XPInstal...

7.5CVSS6AI score0.68097EPSS
Exploits7
Ubuntu
Ubuntu
added 2005/05/11 3:56 p.m.63 views

USN-124-1: Mozilla and Firefox vulnerabilities

When a popup is blocked the user is given the ability to open that popup through the popup-blocking status bar icon and, in Firefox, through the information bar. Doron Rosenberg noticed that popups which are permitted by the user were executed with elevated privileges, which could be abused to...

7.5CVSS6AI score0.08283EPSS
Exploits3
Rows per page
Query Builder