11 matches found

EUVD · added 2025/10/03 8:07 p.m.

EUVD-2024-26975

Malicious code in bioql PyPI...

CVSS 9 · AI score 9 · EPSS 0.00073
Exploits 0 · References 1
OSV · added 2024/10/11 4:58 p.m.

GHSA-J2HR-Q93X-GXVH SSOReady has an XML Signature Bypass via differential XML parsing

Affected versions are vulnerable to XML signature bypass attacks. An attacker can carry out signature bypass if you have access to certain IDP-signed messages. The underlying mechanism exploits differential behavior between XML parsers. Users of https://ssoready.com, the public hosted instance of...

CVSS 9.8 · AI score 9.4 · EPSS 0.00106
Exploits 0 · References 6
Cvelist · added 2024/03/05 6:54 p.m.

CVE-2024-2005 SAML implementation allows privilege escalation

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised ...

CVSS 9 · AI score 9.4 · EPSS 0.00073
Exploits 0 · References 1
Vulnrichment · added 2024/03/05 6:54 p.m.

CVE-2024-2005 SAML implementation allows privilege escalation

In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised ...

CVSS 9 · AI score 7.1 · EPSS 0.00073
Exploits 0 · References 1
NVD · added 2023/03/22 8:15 p.m.

CVE-2023-28119

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...

CVSS 7.5 · AI score 7.2 · EPSS 0.00537
Exploits 0 · References 2
Prion · added 2023/03/22 8:15 p.m.

Design/Logic Flaw

The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of flate.NewReader does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be...

CVSS 5 · AI score 7.2 · EPSS 0.00537
Exploits 0 · References 2 · Affected Software 1
Debian CVE · added 2023/03/22 7:51 p.m.

CVE-2023-28119

Removed by vendor...

CVSS 7.5 · AI score 6.6 · EPSS 0.00537
Exploits 0
SUSE CVE · added 2023/02/15 3:46 a.m.

SUSE CVE-2021-21239

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does no...

CVSS 6.5 · AI score 7.7 · EPSS 0.0068
Exploits 3 · References 5
Ivanti · added 2023/02/14 7:22 a.m.

SA43667 - 2018-03 Out-of-Cycle Advisory: SAML allow authentication bypass via incorrect XML canonicalization

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Multiple Pulse Secure products utilizing a SAML implementation could allow an attacker with authenticated access to a SAML Identity Provider (IdP) to bypass authentication for a differen...

AI score 7.4
Exploits 0
OpenVAS · added 2021/06/17 12:00 a.m.

Fedora: Security Advisory for lasso (FEDORA-2021-508acb1153)

The remote host is missing an update for the lasso package. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 7.5 · AI score 7.5 · EPSS 0.00639
Exploits 0 · References 2
Cvelist · added 2015/09/28 4:00 p.m.

CVE-2015-5372

The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML...

AI score 6.6 · EPSS 0.00196
Exploits 1 · References 5