20 matches found
EUVD-2015-0862
Malware in sbrugna...
Shibboleth < 3.5.0.1 Forged Messages
The version of Shibboleth Service Provider installed on the remote is prior to 3.5.0.1. It is, therefore, affected by a vulnerability. The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures...
CVE-2025-31335
A flaw was found in the OpenSAML C++ library. This vulnerability allows forging signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the...
CVE-2025-31335
The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures...
CVE-2025-31335
The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures...
CVE-2025-31335
The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures...
CVE-2025-31335
The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures...
CVE-2025-31335
The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures...
CVE-2025-31335
CVE-2025-31335 affects the OpenSAML C++ library prior to 3.3.1, where parameter manipulation can forge signed SAML messages for bindings that rely on non-XML signatures. The issue is confirmed in multiple feeds referencing OpenSAML
CVE-2017-16853
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...
Security feature bypass
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...
CVE-2017-16853
The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...
CVE-2017-16853
CVE-2017-16853 affects OpenSAML’s DynamicMetadataProvider (OpenSAML-C) prior to 2.6.1. The DynamicMetadataProvider.cpp implementation does not properly configure MetadataFilter plugins and omits key security checks (e.g., signature verification, validity periods, and other deployment-specific che...
DEBIAN-CVE-2015-0851
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider SP, does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service crash via schema-invalid XML data...
CVE-2015-0851
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider SP, does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service crash via schema-invalid XML data...
Design/Logic Flaw
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider SP, does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service crash via schema-invalid XML data...
CVE-2015-0851
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider SP, does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service crash via schema-invalid XML data...
CVE-2015-0851
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider SP, does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service crash via schema-invalid XML data...
CVE-2015-0851
CVE-2015-0851 affects XMLTooling-C (before 1.5.5) as used in OpenSAML-C and Shibboleth Service Provider. The vulnerability arises from improper handling of integer conversion exceptions, allowing remote attackers to trigger a denial of service (crash) via schema-invalid XML data. Affected compone...
CVE-2015-0851
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider SP, does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service crash via schema-invalid XML data...