13 matches found
Authentication Bypass
robrichards/xmlseclibs is vulnerable to authentication bypass. The vulnerability is due to improper handling in the libxml2 canonicalization process where invalid XML inputs may return an empty string, which allows an attacker to bypass authentication by manipulating the DigestValue computation...
XPath Injection
robrichards/xmlseclibs is vulnerable to XPath Injection. The vulnerability is due to inadequate filtering of user input before it is incorporated into an XPath expression, which allows attackers to manipulate the XPath by injecting malicious input, potentially leading to unauthorized data access...
GHSA-2G98-F9JV-W8C5 robrichards/xmlseclibs XPath injection
A vulnerability has been identified in the robrichards/xmlseclibs library, specifically related to XPath injection. The issue arises from inadequate filtering of user input before it is incorporated into XPath expressions...
robrichards/xmlseclibs XPath injection
A vulnerability has been identified in the robrichards/xmlseclibs library, specifically related to XPath injection. The issue arises from inadequate filtering of user input before it is incorporated into XPath expressions...
Multiple vulnerabilities in Extension "Miniorange Saml" (miniorange_saml)
The extension fails to properly encode user input for output in HTML context (CVE-2021-36785). Also, the extension contains sensitive data (API credentials and private key) which should not have been published (CVE-2021-36786). Finally, the extension bundles several 3rd Party Components jQuery and...
Fedora Update for php-robrichards-xmlseclibs FEDORA-2019-73d0fe1d15
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora Update for php-robrichards-xmlseclibs FEDORA-2019-81f61cdceb
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora Update for php-robrichards-xmlseclibs FEDORA-2019-dc90bf093b
The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
[SECURITY] Fedora 31 Update: php-robrichards-xmlseclibs-2.1.1-1.fc31
xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. NOTE: php-mcrypt will not be automatically installed as a dependency of this package so it will need to be "manually" installed if it is required -- specifically for the following XMLSecurityKey encryption type...
Fedora 31 : php-robrichards-xmlseclibs (2019-73d0fe1d15)
2.1.1: CVE-2019-3465 / https://simplesamlphp.org/security/201911-01; 2.1.0: Backports changes from 3.0 branch. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...
Fedora 30 : php-robrichards-xmlseclibs (2019-dc90bf093b)
2.1.1: CVE-2019-3465 / https://simplesamlphp.org/security/201911-01; 2.1.0: Backports changes from 3.0 branch. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...
Fedora 29 : php-robrichards-xmlseclibs (2019-81f61cdceb)
2.1.1: CVE-2019-3465 / https://simplesamlphp.org/security/201911-01; 2.1.0: Backports changes from 3.0 branch. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as...
Signature Verification Bypass
robrichards/xmlseclibs is vulnerable to signature verification bypass. The implementation of the SAML 2.0 protocol allows for the circumvention of XML signature verification on SAML messages due to the failure to ensure only a single SignedInfo element exists within the signature...