
282 matches found

RustSec
added 2021/02/19 12:0 p.m. | 17 views

Multiple memory safety issues in insert_row

When inserting rows from an iterator at a particular index, toodee would shift items over, duplicating their ownership. The space reserved for the new elements was based on the len returned by the ExactSizeIterator. This could result in elements in the array being freed twice if the iterator...

9.8 CVSS | 1.6 AI score | 0.01167 EPSS
Exploits 0 | Affected Software 1

OSV
added 2021/02/19 12:0 p.m. | 17 views

RUSTSEC-2021-0028 Multiple memory safety issues in insert_row

When inserting rows from an iterator at a particular index, toodee would shift items over, duplicating their ownership. The space reserved for the new elements was based on the len returned by the ExactSizeIterator. This could result in elements in the array being freed twice if the iterator...

9.8 CVSS | 8.5 AI score | 0.01167 EPSS
Exploits 0 | References 3

CNNVD
added 2021/02/08 12:0 a.m. | 5 views

Privoxy Security Vulnerability

Privoxy is a proxy server from the Privoxy team in the USA that does not cache web pages and comes with its own filtering features. It has advanced filtering features to enhance privacy, modify web data and HTTP headers, control access and remove advertisements and other annoying Internet...

7.8 CVSS | 7.1 AI score | 0.01371 EPSS
Exploits 0 | References 7

CNVD
added 2020/10/19 12:0 a.m. | 1 views

Juniper Networks Mist Cloud UI Input Validation Error Vulnerability

Juniper Networks Mist Cloud is a Juniper Networks USA platform that simplifies cloud management and helps users prevent vendor and complexity lock-in. It provides cost and utilization reporting, RBAC, management, provisioning, orchestration, monitoring and automation for servers across public and...

7.2 CVSS | 6.8 AI score | 0.00876 EPSS
Exploits 0 | References 1

OSV
added 2020/09/03 9:20 p.m. | 12 views

GHSA-MFCP-34XW-P57X Authentication Bypass in saml2-js

Versions of saml2-js prior to 2.0.5 are vulnerable to an Authentication Bypass. The package fails to enforce the assertion conditions for encrypted assertions, which may allow an attacker to reuse encrypted assertion tokens indefinitely. Recommendation Upgrade to version 2.0.5 or later...

6.8 CVSS | 7.1 AI score
Exploits 0 | References 5

Github Security Blog
added 2020/09/03 9:20 p.m. | 27 views

Authentication Bypass in saml2-js

Versions of saml2-js prior to 2.0.5 are vulnerable to an Authentication Bypass. The package fails to enforce the assertion conditions for encrypted assertions, which may allow an attacker to reuse encrypted assertion tokens indefinitely. Recommendation Upgrade to version 2.0.5 or later...

4.6 AI score
Exploits 0 | References 5 | Affected Software 1

Kitploit
added 2020/02/13 9:0 p.m. | 62 views

Aduket - Straight-forward HTTP Client Testing, Assertions Included

Straight-forward HTTP client testing, assertions included! Simple httptest.Server wrapper with a little request recorder spice on it. No special DSL, no complex API to learn. Just create a server and fire your request like an Hadouken then assert them. TODO Add example usages Add docs Add respons...

7.4 AI score
Exploits 0 | References 1

OSV
added 2020/01/13 7:15 p.m. | 2 views

UBUNTU-CVE-2020-5390

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature...

7.5 CVSS | 7.1 AI score | 0.01207 EPSS
Exploits 0 | References 8

Positive Technologies
added 2020/01/09 12:0 a.m. | 3 views

PT-2020-5164 · Pysaml2 +2

Name of the Vulnerable Software and Affected Versions: PySAML2 versions prior to 5.0.0 Description: The issue is related to incorrect verification of cryptographic signatures in SAML2 documents, allowing a remote attacker to bypass signature checks and access protected information. This is due to...

9.8 CVSS | 6.8 AI score | 0.99856 EPSS
Exploits 30 | References 142

RedhatCVE
added 2019/10/08 6:4 p.m. | 33 views

CVE-2019-10201

It was found that Keycloak's SAML broker did not verify missing message signatures. If an attacker modifies the SAML Response and removes the sections, the message is still accepted, and the message can be modified. An attacker could use this flaw to impersonate other users and gain access to...

8.1 CVSS | 4.1 AI score | 0.00714 EPSS
Exploits 0 | References 2

RustSec
added 2019/10/06 12:0 p.m. | 21 views

Incorrect implementation of the Streebog hash functions

Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could've caused an incorrect result or panic for certain inputs...

1.1 AI score
Exploits 0 | Affected Software 1

OSV
added 2019/08/14 3:47 p.m. | 6 views

OPENSUSE-SU-2019:1895-1 Security update for ledger

This update for ledger fixes the following issues: ledger was updated to 3.1.3: + Properly reject postings with a comment right after the flag bug 1753 + Make sorting order of lot information deterministic bug 1747 + Fix bug in tag value parsing bug 1702 + Remove the org command, which was always...

7.8 CVSS | 7.9 AI score | 0.01974 EPSS
Exploits 2 | References 8

Veracode
added 2019/07/22 9:39 a.m. | 18 views

SAML Authentication Bypass

samlr is vulnerable to authentication bypass attacks. This is due to inconsistent validation of signed assertions which allows an attacker to manipulate SAML data without invalidating the cryptographic signature and bypass authentication to SAML service providers...

7.5 CVSS | 7.5 AI score | 0.01205 EPSS
Exploits 0 | References 4 | Affected Software 1

Tenable Nessus
added 2019/07/22 12:0 a.m. | 30 views

openSUSE Security Update : ledger (openSUSE-2019-1779)

This update for ledger fixes the following issues : ledger was updated to 3.1.3 : + Properly reject postings with a comment right after the flag bug 1753 + Make sorting order of lot information deterministic bug 1747 + Fix bug in tag value parsing bug 1702 + Remove the org command, which was alwa...

7.8 CVSS | 7.2 AI score | 0.01974 EPSS
Exploits 2 | References 8

Veracode
added 2018/07/18 6:12 a.m. | 25 views

Authentication Bypass

SimpleSAMLphp is vulnerable to authentication bypasses. A malicious user can pass an unsigned SAML response with multiple assertions to the application. As long as one of the assertions is valid, the application will consider the SAML response valid and grant access to the malicious user...

8.1 CVSS | 8.6 AI score | 0.01119 EPSS
Exploits 0 | References 5 | Affected Software 1

CNVD
added 2018/03/06 12:0 a.m. | 4 views

SimpleSAMLphp Key Obfuscation Vulnerability

SimpleSAMLphp is a suite of PHP authentication applications that implement the SAML 2.0 service provider and identity provider functionality. The SAML2 library is one of the Security Assertion Markup Language (SAML) libraries. The XmlSecLibs library is one of the XML security libraries. A security...

7.5 CVSS | 7.2 AI score | 0.01262 EPSS
Exploits 0 | References 1

Prion
added 2018/03/05 2:29 p.m. | 18 views

Type confusion

The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing th...

5 CVSS | 7.3 AI score | 0.01262 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2018/03/05 2:0 p.m. | 66 views

CVE-2018-7644

CVE-2018-7644 affects SimpleSAMLphp prior to 1.15.3 where XmlSecLibs used by the saml2 library incorrectly verifies SAML assertions, enabling a remote attacker to craft an assertion from an Identity Provider that passes cryptographic checks and impersonate a user from that IdP. The issue is a key...

7.5 CVSS | 7.3 AI score | 0.01262 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2018/03/05 2:0 p.m. | 37 views

CVE-2018-7644

The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing th...

7.4 AI score | 0.01262 EPSS
Exploits 0 | References 1

OSV
added 2018/02/02 3:29 p.m. | 2 views

UBUNTU-CVE-2017-18122

A signature-validation bypass issue was discovered in SimpleSAMLphp through 1.14.16. A SimpleSAMLphp Service Provider using SAML 1.1 will regard as valid any unsigned SAML response containing more than one signed assertion, provided that the signature of at least one of the assertions is valid...

8.1 CVSS | 7.3 AI score | 0.01119 EPSS
Exploits 0 | References 4