52 matches found
CVE-2026-54779
CoreWCF (Windows Communication Foundation port for .NET Core) has a SAML token replay protection flaw prior to versions 1.8.1 and 1.9.1. The issue arises because DefaultTokenReplayCache.TryAdd does not reject duplicate tokens when DetectReplayedTokens is enabled, allowing a captured token to be r...
PT-2026-51071
Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description The SamlSerializer skips the final SignatureValue verification when a service validates SAML tokens using a non-X.509 signing token. This occurs when the service is...
EUVD-2024-47149
Malicious code in bioql PyPI...
EUVD-2021-8748
Malicious code in bioql PyPI...
CVE-2019-1006
An authentication bypass vulnerability exists in Windows Communication Foundation WCF and Windows Identity Foundation WIF, allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'...
CVE-2024-5249
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed...
CVE-2024-5249 SAML Replay in Akana
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed...
CVE-2024-5249 SAML Replay in Akana
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed...
Ubuntu: Security Advisory (USN-6463-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6463-2: Open VM Tools vulnerabilities
USN-6463-1 fixed vulnerabilities in Open VM Tools. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker with Guest Operations privileges could...
USN-6463-1: Open VM Tools vulnerabilities
It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker Guest Operations privileges could possibly use this issue to escalate privileges. CVE-2023-34058 Matthias Gerstner discovered that Open VM Tools incorrectly handled file descriptors when dropping privileges. A...
Ubuntu: Security Advisory (USN-6365-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-6365-2 open-vm-tools vulnerability
USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SA...
USN-6365-2: Open VM Tools vulnerability
USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SA...
USN-6365-1 open-vm-tools vulnerability
It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations...
USN-6365-1: Open VM Tools vulnerability
It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker could possibly use this issue to bypass SAML token signature verification and perform VMware Tools Guest Operations...
Improper Input Validation in Apache CXF
The SecurityTokenService STS in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token...
GHSA-38X2-FP9M-87MX Improper Input Validation in Apache CXF
The SecurityTokenService STS in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token...
Mageia: Security Advisory (MGASA-2014-0557)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SAP HANA Database Signature Validation Improperity Vulnerability
SAP HANA is a set of high-performance real-time data analytics platform from Germany's SAP, which supports users to query and analyze real-time business data. An improper signature validation vulnerability exists in SAP HANA Database versions 1.0 and 2.0. The vulnerability stems from the program...