Lucene search
K

11 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-7316

Malicious code in bioql PyPI...

9.8CVSS8.7AI score0.01182EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2025/02/05 7:35 p.m.13 views

CVE-2022-39299

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

8.1CVSS7.2AI score0.03025EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 2:33 p.m.22 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to bypass SAML authentication due to passport-saml ( CVE-2022-39299 )

Summary Passport-saml is used by IBM Cloud Pak for Data for SAML authentication. CVE-2022-39299. Vulnerability Details CVEID:CVE-2022-39299 DESCRIPTION: Node.js passport-saml module could allow a remote attacker to bypass security restrictions, caused by improper verification of cryptographic...

8.1CVSS8.4AI score0.03025EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/05/24 12:0 a.m.68 views

Ubuntu 20.04 LTS / 22.04 LTS : xmldom vulnerabilities (USN-6102-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6102-1 advisory. It was discovered that xmldom incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially...

9.8CVSS7AI score0.01535EPSS
Exploits1References4
Prion
Prion
added 2022/11/02 5:15 p.m.29 views

Design/Logic Flaw

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or...

7.5CVSS8.8AI score0.03025EPSS
Exploits2References3Affected Software2
Github Security Blog
Github Security Blog
added 2022/11/01 5:29 p.m.845 views

xmldom allows multiple root nodes in a DOM

Impact xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the childNodes collection of the Document, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led ...

9.8CVSS8.8AI score0.01182EPSS
Exploits1References11Affected Software2
GithubExploit
GithubExploit
added 2022/10/31 1:24 p.m.835 views

Exploit for Improper Verification of Cryptographic Signature in Passport-Saml_Project Passport-Saml

Exploiting CVE-2022-39299 Signature bypass via multiple ro...

8.1CVSS8.4AI score0.03025EPSS
Exploits1
NVD
NVD
added 2022/10/12 9:15 p.m.35 views

CVE-2022-39299

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

8.1CVSS0.03025EPSS
Exploits1References3
CVE
CVE
added 2022/10/12 12:0 a.m.182 views

CVE-2022-39299

CVE-2022-39299 affects the passport-saml library (Node.js) and allows remote authentication bypass via improper verification of cryptographic signatures in SAML responses. A attacker must present an arbitrary IDP-signed XML element; depending on IdP, fully unauthenticated access may be feasible i...

8.1CVSS8.5AI score0.03025EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/10/12 12:0 a.m.35 views

CVE-2022-39299 Signature bypass via multiple root elements in Passport-SAML

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

7.4CVSS8.3AI score0.03025EPSS
Exploits1References5
Cvelist
Cvelist
added 2022/10/12 12:0 a.m.32 views

CVE-2022-39299 Signature bypass via multiple root elements in Passport-SAML

Passport-SAML is a SAML 2.0 authentication provider for Passport, the Node.js authentication library. A remote attacker may be able to bypass SAML authentication on a website using passport-saml. A successful attack requires that the attacker is in possession of an arbitrary IDP signed XML elemen...

7.4CVSS9.2AI score0.03025EPSS
Exploits1References3
Rows per page
Query Builder