11 matches found
EUVD-2020-0344
Malware in sbrugna...
EUVD-2020-0374
Malware in sbrugna...
EUVD-2022-7706
Malicious code in bioql PyPI...
CVE-2020-5268
In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the token. There is...
CVE-2020-5261
The Saml2 Authentication services for ASP.NET NuGet package Sustainsys.Saml2, in versions greater than 2.0.0 and less than 2.5.0, has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5.0 version is patche...
CVE-2022-23505
Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession...
Unspecified Vulnerability in Saml2 Authentication services for ASP.NET
Saml2 Authentication services for ASP.NET is a SAML (Security Assertion Markup Language) authentication service for ASP.NET. A security vulnerability exists in the method of token authentication in Saml2 Authentication services for ASP.NET versions 1.0.2 and 2.0.0 through 2.6.0. An attacker could...
GHSA-G6J2-CH25-5MMV Missing Token Replay Detection in Saml2 Authentication services for ASP.NET
Impact: Token Replay Detection is an important defence in depth measure for Single Sign On solutions. In all previous 2.X versions, the Token Replay Detection is not properly implemented. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use...
Missing Token Replay Detection in Saml2 Authentication services for ASP.NET
Impact: Token Replay Detection is an important defence in depth measure for Single Sign On solutions. In all previous 2.X versions, the Token Replay Detection is not properly implemented. Note that version 1.0.1 is not affected. It has a correct Token Replay Implementation and is safe to use...
Unspecified Vulnerability in Saml2 Authentication services for ASP.NET
Saml2 Authentication services for ASP.NET is a SAML (Security Assertion Markup Language) authentication service for ASP.NET. A security vulnerability exists in Saml2 Authentication services for ASP.NET in version 2.0.0 and later fixed in version 2.5.0, which stems from the program's failure to...
Insecure Random Number Generation
pac4j-saml uses insecure random number generation. It generates the entity ID for the SAML2 Authentication Request with predictable randomness, as it relies on random numbers generated using the insecure RandomStringUtils PRNG algorithm from the Apache commons-lang3 RandomStringUtils class...