Lucene search
K

11 matches found

OpenVAS
OpenVAS
added 2021/04/19 12:0 a.m.12 views

SUSE: Security Advisory (SUSE-SU-2018:0720-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS6.9AI score0.02165EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2018/03/09 12:0 a.m.34 views

SUSE SLES12 Security Update : xmltooling (SUSE-SU-2018:0140-1)

This update for xmltooling fixes the following issues : - CVE-2018-0486: Fixed a security bug when xmltooling mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD bsc1075975 Note that...

6.5CVSS6.3AI score0.01518EPSS
Exploits2References4
Prion
Prion
added 2018/02/27 3:29 p.m.14 views

Design/Logic Flaw

Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this...

6.4CVSS6.5AI score0.02165EPSS
Exploits2References6Affected Software3
Tenable Nessus
Tenable Nessus
added 2018/01/22 12:0 a.m.20 views

openSUSE Security Update : xmltooling (openSUSE-2018-65)

This update for xmltooling fixes the following issues : - CVE-2018-0486: Fixed a security bug when xmltooling mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD bsc1075975 This upda...

6.5CVSS6.3AI score0.01518EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2018/01/21 12:0 a.m.23 views

openSUSE: Security Advisory for xmltooling (openSUSE-SU-2018:0158-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5CVSS6.7AI score0.01518EPSS
Exploits2References1
Packet Storm
Packet Storm
added 2018/01/15 12:0 a.m.72 views

Shibboleth 2 XML Injection

Advisory: Truncation of SAML Attributes in Shibboleth 2 RedTeam Pentesting discovered that the shibd service of Shibboleth 2 does not extract SAML attribute values in a robust manner. By inserting XML entities into a SAML response, attackers may truncate attribute values without breaking the...

6.5AI score0.01518EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2018/01/13 6:29 p.m.19 views

CVE-2018-0486

Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD...

6.5CVSS6.7AI score0.01518EPSS
Exploits2References2
OSV
OSV
added 2018/01/13 6:29 p.m.11 views

CVE-2018-0486

Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD...

6.5CVSS6.3AI score
Exploits0References5
CVE
CVE
added 2018/01/13 6:0 p.m.98 views

CVE-2018-0486

CVE-2018-0486 affects Shibboleth XMLTooling-C prior to 1.6.3, as used in Shibboleth Service Provider prior to 2.6.0, on Windows and other platforms. The flaw arises from mishandling digital signatures of user attribute data, enabling remote attackers to read sensitive information or impersonate u...

6.5CVSS6AI score0.01518EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2018/01/13 6:0 p.m.23 views

CVE-2018-0486

Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via a crafted DTD...

6.1AI score0.01518EPSS
Exploits2References5
Debian
Debian
added 2018/01/12 10:14 p.m.32 views

[SECURITY] [DSA 4085-1] xmltooling security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4085-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 12, 2018 https://www.debian.org/security/faq -...

6.5CVSS6.4AI score0.01518EPSS
Exploits2
Rows per page
Query Builder