27 matches found
CVE-2025-59719
An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message...
EUVD-2015-2775
Malware in sbrugna...
EUVD-2018-0568
Malware in sbrugna...
SUSE SLES15 Security Update : opensaml (SUSE-SU-2025:01500-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01500-1 advisory. - CVE-2025-31335: Fixed a bug where parameter manipulation allows the forging of signed SAML messages. bsc1239889 Tenable has extracted the...
K000151066: OpenSAML vulnerability CVE-2025-31335
Security Advisory Description The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures. CVE-2025-31335 Impact There is no impact; F5 products are not affected by this vulnerability. Security...
Shibboleth < 3.5.0.1 Forged Messages
The version of Shibboleth Service Provider installed on the remote is prior to 3.5.0.1. It is, therefore, affected by a vulnerability. The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures...
CVE-2025-31335
The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures...
CVE-2025-31335
The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures...
CVE-2025-31335
The OpenSAML C++ library before 3.3.1 allows forging of signed SAML messages via parameter manipulation when using SAML bindings that rely on non-XML signatures...
CVE-2025-31335
CVE-2025-31335 affects the OpenSAML C++ library prior to 3.3.1, where parameter manipulation can forge signed SAML messages for bindings that rely on non-XML signatures. The issue is confirmed in multiple feeds referencing OpenSAML
[SECURITY] [DLA 4093-1] opensaml security update
Debian LTS Advisory DLA-4093-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson March 27, 2025 https://wiki.debian.org/LTS Package : opensaml Version : 3.2.0-2+deb11u1 CVE ID : TEMP-1100464-F28DDC Debian Bug : 1100464 Alexander Tan discovered that the OpenSAML C...
Exploit for CVE-2024-32962
Poc-CVE-2024-32962-xml-crypto A simulation of an atta...
[SECURITY] [DSA 5879-1] opensaml security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5879-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 16, 2025 https://www.debian.org/security/faq -...
FreeBSD : shibboleth-sp -- Parameter manipulation allows the forging of signed SAML messages (0b43fac4-005d-11f0-a540-6cc21735f730)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0b43fac4-005d-11f0-a540-6cc21735f730 advisory. The Shibboleth Project reports: An updated version of the OpenSAML C++ library is available which...
GHSA-J5G2-Q29X-CW3H SimpleSAMLphp vulnerable to XXE in parsing SAML messages
Withdrawn Advisory This advisory has been withdrawn because the vulnerability affects users of the SimpleSAMLphp tarball, not the SimpleSAMLphp Composer package. The underlying information about CVE-2024-52596 is still valid. Original Description Summary When loading an untrusted XML document, fo...
Armeria-saml improperly handles SAML messages
Overview Armeria-saml provided by LY Corporation contains an issue in handling SAML messages CWE-304, CVE-2024-1735. LY Corporation reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact Authentication may be bypassed by receiving a specially crafted SAML...
Authorization Bypass
OmniAuth-saml is vulnerable to authentication bypass. The application uses a vulnerable version of ruby-saml , meaning it does not properly parse comments in certain XML nodes, causing text after a comment being lost before signing the SAML Message. This allows a malicious user to modify a SAML...
Authorization Bypass
python-saml is vulnerable to authentication bypass. The application does not properly parse comments in certain XML nodes, causing text after a comment being lost before signing the SAML Message. This allows a malicious user to modify a SAML message without invalidating the cryptographic signatur...
keycloak: SAML request parser replaces special strings with system properties
It was found that while parsing the SAML messages the StaxParserUtil class of Picketlink replaces special strings for obtaining attribute values with system property. This could allow an attacker to determine values of system properties at the attacked system by formatting the SAML request ID fie...
Shibboleth Service Provider DoS
Crash on parsing SAML message...