
13 matches found

Veracode
added 2025/12/13 6:19 a.m., 5 views

Authentication Bypass

robrichards/xmlseclibs is vulnerable to authentication bypass. The vulnerability is due to improper handling in the libxml2 canonicalization process where invalid XML inputs may return an empty string, which allows an attacker to bypass authentication by manipulating the DigestValue computation...

CVSS 7.5 | AI score 5.9 | EPSS 0.00218
Exploits: 1 | References: 4 | Affected Software: 1

Veracode
added 2024/05/23 10:32 a.m., 9 views

XPath Injection

robrichards/xmlseclibs is vulnerable to XPath Injection. The vulnerability is due to inadequate filtering of user input before it is incorporated into an XPath expression, which allows attackers to manipulate the XPath by injecting malicious input, potentially leading to unauthorized data access...

AI score 7
Exploits: 0

OSV
added 2024/05/20 6:6 p.m., 10 views

GHSA-2G98-F9JV-W8C5 robrichards/xmlseclibs XPath injection

A vulnerability has been identified in the robrichards/xmlseclibs library, specifically related to XPath injection. The issue arises from inadequate filtering of user input before it is incorporated into XPath expressions...

CVSS 7.5 | AI score 7.4
Exploits: 0 | References: 3

Github Security Blog
added 2024/05/20 6:6 p.m., 89 views

robrichards/xmlseclibs XPath injection

A vulnerability has been identified in the robrichards/xmlseclibs library, specifically related to XPath injection. The issue arises from inadequate filtering of user input before it is incorporated into XPath expressions...

AI score 7.4
Exploits: 0 | References: 3 | Affected Software: 1

Typo3
added 2021/08/10 12:0 a.m., 37 views

Multiple vulnerabilities in Extension "Miniorange Saml" (miniorange_saml)

The extension fails to properly encode user input for output in HTML context (CVE-2021-36785). Also, the extension contains sensitive data (API credentials and private key) which should not have been published (CVE-2021-36786). Finally, the extension bundles several 3rd party components, jQuery and...

CVSS 5 | AI score 1.5 | EPSS 0.00996
Exploits: 0 | Affected Software: 1

OpenVAS
added 2020/01/09 12:0 a.m., 19 views

Fedora Update for php-robrichards-xmlseclibs FEDORA-2019-73d0fe1d15

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.8 | AI score 8.8 | EPSS 0.03024
Exploits: 0 | References: 2

OpenVAS
added 2019/11/17 12:0 a.m., 20 views

Fedora Update for php-robrichards-xmlseclibs FEDORA-2019-81f61cdceb

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.8 | AI score 8.8 | EPSS 0.03024
Exploits: 0 | References: 2

OpenVAS
added 2019/11/17 12:0 a.m., 15 views

Fedora Update for php-robrichards-xmlseclibs FEDORA-2019-dc90bf093b

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.8 | AI score 8.8 | EPSS 0.03024
Exploits: 0 | References: 2

Fedora
added 2019/11/15 3:3 a.m., 28 views

[SECURITY] Fedora 31 Update: php-robrichards-xmlseclibs-2.1.1-1.fc31

xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. NOTE: php-mcrypt will not be automatically installed as a dependency of this package so it will need to be "manually" installed if it is required -- specifically for the following XMLSecurityKey encryption type...

CVSS 8.8 | AI score 2.3 | EPSS 0.03024
Exploits: 0

Tenable Nessus
added 2019/11/15 12:0 a.m., 33 views

Fedora 31 : php-robrichards-xmlseclibs (2019-73d0fe1d15)

2.1.1 CVE-2019-3465 / https://simplesamlphp.org/security/201911-01 2.1.0 Backports changes from 3.0 branch Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...

CVSS 8.8 | AI score 7.7 | EPSS 0.03024
Exploits: 0 | References: 2

Tenable Nessus
added 2019/11/15 12:0 a.m., 29 views

Fedora 30 : php-robrichards-xmlseclibs (2019-dc90bf093b)

2.1.1 CVE-2019-3465 / https://simplesamlphp.org/security/201911-01 2.1.0 Backports changes from 3.0 branch Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...

CVSS 8.8 | AI score 7.7 | EPSS 0.03024
Exploits: 0 | References: 2

Tenable Nessus
added 2019/11/15 12:0 a.m., 35 views

Fedora 29 : php-robrichards-xmlseclibs (2019-81f61cdceb)

2.1.1 CVE-2019-3465 / https://simplesamlphp.org/security/201911-01 2.1.0 Backports changes from 3.0 branch Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...

CVSS 8.8 | AI score 7.7 | EPSS 0.03024
Exploits: 0 | References: 2

Veracode
added 2019/11/07 2:25 a.m., 16 views

Signature Verification Bypass

robrichards/xmlseclibs is vulnerable to signature verification bypass. The implementation of the SAML 2.0 protocol allows for the circumvention of XML signature verification on SAML messages due to the failure to ensure only a single SignedInfo element exists within the signature...

CVSS 8.8 | AI score 3.1 | EPSS 0.03024
Exploits: 0 | References: 22 | Affected Software: 1