Lucene search
K

195 matches found

OpenVAS
OpenVAS
added 2017/12/09 12:0 a.m.16 views

openSUSE: Security Advisory for opensaml (openSUSE-SU-2017:3241-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1CVSS8.1AI score0.01398EPSS
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2017/12/08 12:12 p.m.66 views

Security update for opensaml (important)

This update for opensaml fixes the following issues: Security issue fixed: - CVE-2017-16853: Fix the DynamicMetadataProvider class to properly configure itself with the MetadataFilter plugins, to avoid possible MITM attacks bsc1068685. This update was imported from the SUSE:SLE-12-SP1:Update upda...

6.8CVSS2.2AI score0.01398EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/12/08 12:0 a.m.26 views

SUSE SLES12 Security Update : opensaml (SUSE-SU-2017:3234-1)

This update for opensaml fixes the following issues: Security issue fixed : - CVE-2017-16853: Fix the DynamicMetadataProvider class to properly configure itself with the MetadataFilter plugins, to avoid possible MITM attacks bsc1068685. Note that Tenable Network Security has extracted the precedi...

8.1CVSS7.4AI score0.01398EPSS
Exploits0References4
OSV
OSV
added 2017/12/07 2:28 p.m.3 views

SUSE-SU-2017:3234-1 Security update for opensaml

This update for opensaml fixes the following issues: Security issue fixed: - CVE-2017-16853: Fix the DynamicMetadataProvider class to properly configure itself with the MetadataFilter plugins, to avoid possible MITM attacks bsc1068685...

8.1CVSS8AI score0.01398EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2017/11/29 9:19 a.m.24 views

CVE-2017-16853

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...

8.1CVSS2AI score0.01398EPSS
Exploits0References1
Broadcom
Broadcom
added 2017/11/17 12:0 a.m.9 views

BSA-2017-470

Security Advisory ID : BSA-2017-470 Component : Expand Entity References Revision : 1.0: Interim The 1 BasicParserPool, 2 StaticBasicParserPool, 3 XML Decrypter, and 4 SAML Decrypter in Shibboleth OpenSAML-Java before 2.6.1 set the expandEntityReferences property to true, which allows remote...

5CVSS9.1AI score0.02752EPSS
Exploits0
NVD
NVD
added 2017/11/16 5:29 p.m.16 views

CVE-2017-16853

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...

8.1CVSS8.1AI score0.01398EPSS
Exploits0References6
OSV
OSV
added 2017/11/16 5:29 p.m.5 views

UBUNTU-CVE-2017-16853

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...

8.1CVSS5.8AI score0.01398EPSS
Exploits0References5
Prion
Prion
added 2017/11/16 5:29 p.m.13 views

Security feature bypass

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...

6.8CVSS7.9AI score0.01398EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2017/11/16 5:29 p.m.7 views

CVE-2017-16853

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...

8.1CVSS5.6AI score0.01398EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2017/11/16 5:29 p.m.25 views

CVE-2017-16853

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...

8.1CVSS7.1AI score0.01398EPSS
Exploits0References4
CVE
CVE
added 2017/11/16 5:0 p.m.74 views

CVE-2017-16853

CVE-2017-16853 affects OpenSAML’s DynamicMetadataProvider (OpenSAML-C) prior to 2.6.1. The DynamicMetadataProvider.cpp implementation does not properly configure MetadataFilter plugins and omits key security checks (e.g., signature verification, validity periods, and other deployment-specific che...

8.1CVSS7.8AI score0.01398EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2017/11/16 5:0 p.m.25 views

CVE-2017-16853

The DynamicMetadataProvider class in saml/saml2/metadata/impl/DynamicMetadataProvider.cpp in OpenSAML-C in OpenSAML before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical security checks such as signature verification, enforcement of validity...

8AI score0.01398EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2017/11/16 5:0 p.m.57 views

CVE-2017-16853

Removed by vendor...

8.1CVSS8.1AI score0.01398EPSS
Exploits0
OpenVAS
OpenVAS
added 2015/10/15 12:0 a.m.23 views

Mageia: Security Advisory (MGASA-2015-0350)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS7.5AI score0.02444EPSS
Exploits0References5
OSV
OSV
added 2015/09/08 5:55 p.m.4 views

MGASA-2015-0350 Updated xmltooling packages fix CVE-2015-0851

Updated xmltooling and opensaml packages fix security vulnerability: The InCommon Shibboleth Training team discovered that XMLTooling, a C++ XML parsing library, did not properly handle an exception when parsing well-formed but schema-invalid XML. This could allow remote attackers to cause a deni...

5CVSS6.5AI score0.02444EPSS
Exploits0References4
NVD
NVD
added 2015/08/12 2:59 p.m.17 views

CVE-2015-0851

XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider SP, does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service crash via schema-invalid XML data...

5CVSS7.3AI score0.02444EPSS
Exploits0References4
OSV
OSV
added 2015/08/12 2:59 p.m.2 views

DEBIAN-CVE-2015-0851

XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider SP, does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service crash via schema-invalid XML data...

5CVSS6.9AI score0.02444EPSS
Exploits0References1
OSV
OSV
added 2015/08/12 2:59 p.m.2 views

UBUNTU-CVE-2015-0851

XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider SP, does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service crash via schema-invalid XML data...

5CVSS7.1AI score0.02444EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2015/08/12 2:59 p.m.28 views

CVE-2015-0851

XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider SP, does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service crash via schema-invalid XML data...

5CVSS7.1AI score0.02444EPSS
Exploits0References3
Rows per page
Query Builder