EUVD-2025-14769

Malicious code in bioql PyPI...

[SECURITY] [DSA 5879-1] opensaml security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5879-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 16, 2025 https://www.debian.org/security/faq -...

Debian dsa-5879 : libsaml-dev - security update

The remote Debian 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5879 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-5879-1 [email protected] https://www.debian.org/security/ Moritz...

PT-2025-13434 · Unknown +1 · Opensaml C++ Library +1

Name of the Vulnerable Software and Affected Versions: OpenSAML C++ library versions prior to 3.3.1 Description: The issue allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures. Recommendations: For versions prior to 3.3.1, upda...

FreeBSD : shibboleth-sp -- Parameter manipulation allows the forging of signed SAML messages (0b43fac4-005d-11f0-a540-6cc21735f730)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0b43fac4-005d-11f0-a540-6cc21735f730 advisory. The Shibboleth Project reports: An updated version of the OpenSAML C++ library is available which...

shibboleth-sp -- Parameter manipulation allows the forging of signed SAML messages

The Shibboleth Project reports: An updated version of the OpenSAML C++ library is available which corrects a parameter manipulation vulnerability when using SAML bindings that rely on non-XML signatures. The Shibboleth Service Provider is impacted by this issue, and it manifests as a critical...

br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0), br.com.esec.icpm:certillion-client-library-resteasy-plugin (>=1.1.9 <=1.1.10) +415 more potentially affected by CVE-2011-1411 via org.opensaml:opensaml (=2.5.1-1)

org.opensaml:opensaml MAVEN version =2.5.1-1 is affected by a known vulnerability. The following packages have a transitive dependency on org.opensaml:opensaml and may be impacted: - br.com.esec.icpm:certillion-client-library =1.1.7, =1.1.9, =1.2.5, =2.0.0, =12.1.0, =12.1.1, =12.1.2, =12.1.0,...

Authentication flaw

Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."...

CVE-2011-1411

Removed by vendor...

CVE-2011-1411

CVE-2011-1411 affects Shibboleth OpenSAML libraries: OpenSAML 2.4.x before 2.4.3, 2.5.x before 2.5.1, and IdP before 2.3.2. The issue is an XML Signature Wrapping vulnerability allowing remote attackers to forge messages and bypass authentication. Practical impact described in sources is authenti...