OneLogin ruby-saml data forgery vulnerability
OneLogin ruby-saml is a Ruby-based SAML (Security Assertion Markup Language) library for Single Sign-On (SSO) services from OneLogin, USA. A data forgery vulnerability exists in OneLogin ruby-saml version 1.12.4 and earlier; it stems from XML parsing differences and could lead to...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the libxml2 canonicalization process. An attacker can bypass authentication and replay signatures by crafting XML input that causes canonicalization to yield an empty string, leading ...
Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
Summary In Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an issue in the libxml2 canonicalization process used by Nokogiri for document transformation. That allows an attacker to execute a Signature Wrapping attack. The vulnerability does not...
GHSA-X4H9-GWV3-R4M4 Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
Summary In Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an issue in the libxml2 canonicalization process used by Nokogiri for document transformation. That allows an attacker to execute a Signature Wrapping attack. The vulnerability does not...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to differences in XML document namespace parsing between REXML and Nokogiri, implemented in xmlsecurity.rb. An attacker can bypass authentication via Signature Wrapping attack. Note:...
GHSA-9V8J-X534-2FX3 Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
Summary In Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an incomplete fix for CVE-2025-25292. REXML and Nokogiri parse XML differently, so the two parsers can generate entirely different document structures from the same XML input. That allows an attacker...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex
Summary Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5.0.14. Vulnerability Details CVEID:CVE-2025-55193 DESCRIPTION: Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may ...
EUVD-2018-0357
Malware in sbrugna...
EUVD-2025-6414
Malicious code in bioql PyPI...
EUVD-2023-1617
Malicious code in bioql PyPI...
EUVD-2025-6413
Malicious code in bioql PyPI...
EUVD-2025-29406
Malicious code in bioql PyPI...
EUVD-2025-23157
Malicious code in bioql PyPI...
[SECURITY] [DLA 4288-1] ruby-saml security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4288-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk September 01, 2025 https://wiki.debian.org/LTS -...
Debian: Security Advisory (DLA-4288-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
DLA-4288-1 ruby-saml - security update
Bulletin has no description...
Debian dla-4288 : ruby-saml - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4288 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4288-1 [email protected] https://www.debian.org/lts/security/...
Linux Distros Unpatched Vulnerability : CVE-2025-25293
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - ruby-saml provides Security Assertion Markup Language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote...