Astra Linux - уязвимость в python-pysaml2

PySAML2 is a pure Python implementation of the SAML Version 2 Standard. Before version 6.5.0, PySAML2 had a flaw in the verification of cryptographic signatures. This issue affects users of pysaml2 who use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents. PySAML2...

Exploit for Improper Verification of Cryptographic Signature in Pysaml2_Project Pysaml2

CVE-2021-21239 This is a poc script to explot the xmlsec vu...

EUVD-2021-0210

Malware in sbrugna...

EUVD-2018-0126

Malware in sbrugna...

EUVD-2021-0211

Malware in sbrugna...

EUVD-2020-0157

Malware in sbrugna...

EUVD-2017-0104

Malware in sbrugna...

EUVD-2017-0106

Malware in sbrugna...

EUVD-2017-0105

Malware in sbrugna...

Exploit for Improper Verification of Cryptographic Signature in Pysaml2_Project Pysaml2

Technical Report on CVE-2021-21239: Redash SAML Authentication...

Linux Distros Unpatched Vulnerability : CVE-2021-21238

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability...

Linux Distros Unpatched Vulnerability : CVE-2016-10127

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PySAML2 allows remote attackers to conduct XML external entity XXE attacks via a crafted SAML XML request or response. CVE-2016-10127 Note that Nessus relies on...

Linux Distros Unpatched Vulnerability : CVE-2017-1000246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

RHEL 7 : python-defusedxml and python-pysaml2 (RHSA-2017:0936)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0936 advisory. The defusedxml package contains several Python-only updates for security vulnerabilities in Python's XML libraries. Defusedxml functions and classes...

RHEL 7 : python-defusedxml and python-pysaml2 (RHSA-2017:0937)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0937 advisory. The defusedxml package contains several Python-only updates for security vulnerabilities in Python's XML libraries. Defusedxml functions and classes...

RHSA-2017:0938 Red Hat Security Advisory: python-defusedxml and python-pysaml2 security update

Bulletin has no description...

RHSA-2017:0937 Red Hat Security Advisory: python-defusedxml and python-pysaml2 security update

Bulletin has no description...

RHSA-2017:0936 Red Hat Security Advisory: python-defusedxml and python-pysaml2 security update

Bulletin has no description...

OPENSUSE-SU-2024:14156-1 python310-pysaml2-7.4.2-1.2 on GA media

These are all security issues fixed in the python310-pysaml2-7.4.2-1.2 package on the GA media of openSUSE Tumbleweed...

ROS-20240410-12

The vulnerability in the SAML PySAML2 standard is related to the XML signature packaging variant, as it does not validate the SAML document against the XML schema. Exploitation of the vulnerability could allow an attacker, remotely bypass signature validation and gain access to protected informat...