Lucene search
K

216 matches found

OSV
OSV
added 2022/05/14 3:55 a.m.12 views

GHSA-376M-3RM2-9JM6 Session Fixation in ipsilon

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active...

9.1CVSS8.9AI score0.02119EPSS
Exploits0References15
Github Security Blog
Github Security Blog
added 2022/05/14 3:55 a.m.15 views

Session Fixation in ipsilon

A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 before 1.1.2, and 1.0 before 1.0.3 was found that allows attacker to log out active sessions of other users. This issue is related to how it tracks sessions, and allows an unauthenticated attacker to view and terminate active...

9.1CVSS4.9AI score0.02119EPSS
Exploits0References15Affected Software1
OSV
OSV
added 2022/05/14 3:40 a.m.24 views

GHSA-R8V4-7VWJ-983X SimpleSAMLphp SAML2 spoof SAML responses

The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service memory consumption by leveraging...

9.1CVSS9.1AI score0.02424EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/14 3:40 a.m.19 views

SimpleSAMLphp SAML2 spoof SAML responses

The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service memory consumption by leveraging...

9.1CVSS7.1AI score0.02424EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/14 3:34 a.m.28 views

SimpleSAMLphp saml2 incorrect signature validation

HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP...

8.1CVSS7AI score0.01221EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/14 2:57 a.m.16 views

GHSA-HHM8-2J4G-MPGG SimpleSAMLphp SAML2 library Regular Expression Denial of Service vulnerability

The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp...

7.5CVSS7.5AI score0.01728EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/14 2:57 a.m.23 views

SimpleSAMLphp SAML2 library Regular Expression Denial of Service vulnerability

The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp...

7.5CVSS6.7AI score0.01728EPSS
Exploits0References5Affected Software1
0day.today
0day.today
added 2022/01/20 12:0 a.m.768 views

VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution Exploit

VMware vCenter Server is affected by the Log4Shell vulnerability whereby a JNDI string can be sent to the server that will cause it to connect to the attacker and deserialize a malicious Java object. This results in OS command execution in the context of the root user in the case of the Linux...

10CVSS9.1AI score0.99999EPSS
Exploits351
Cvelist
Cvelist
added 2021/08/25 8:2 p.m.20 views

CVE-2021-37154

In ForgeRock Access Management AM before 7.0.2, the SAML2 implementation allows XML injection, potentially enabling a fraudulent SAML 2.0 assertion...

9.6AI score0.01359EPSS
Exploits0References2
Fedora
Fedora
added 2021/06/11 1:15 a.m.26 views

[SECURITY] Fedora 34 Update: lasso-2.7.0-1.fc34

Lasso is a library that implements the Liberty Alliance Single Sign On standards, including the SAML and SAML2 specifications. It allows to handle the whole life-cycle of SAML based Federations, and provides bindings for multiple languages...

7.5CVSS2.4AI score0.01325EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/01/21 2:12 p.m.5 views

django-allauth-saml2 (>=0.1.0 <=0.2.0), django-saml2-auth (>=1.0.2 <=1.1.4) +8 more potentially affected by CVE-2021-21239 via pysaml2 (>=4.0.2 <=5.0.0)

pysaml2 PYPI version =4.0.2, =0.1.0, =1.0.2, =1.0.0, =0.16.11, =1.1.1, =12.0.2, =0.100.2, =0.6.1, =3.4.8 Source cves: CVE-2021-21239 Source advisory: OSV:GHSA-5P3X-R448-PC62...

6.5CVSS6.8AI score0.0118EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2021/01/21 2:12 p.m.9 views

django-allauth-saml2 (>=0.1.0 <=0.2.0), django-saml2-auth (>=1.0.2 <=1.1.4) +8 more potentially affected by CVE-2021-21238 via pysaml2 (>=4.0.2 <=5.0.0)

pysaml2 PYPI version =4.0.2, =0.1.0, =1.0.2, =1.0.0, =0.16.11, =1.1.1, =12.0.2, =0.100.2, =0.6.1, =3.4.8 Source cves: CVE-2021-21238 Source advisory: OSV:GHSA-F4G9-H89H-JGV9...

6.5CVSS6.8AI score0.01078EPSS
Exploits0
OSV
OSV
added 2020/09/03 9:20 p.m.12 views

GHSA-MFCP-34XW-P57X Authentication Bypass in saml2-js

Versions of saml2-js prior to 2.0.5 are vulnerable to an Authentication Bypass. The package fails to enforce the assertion conditions for encrypted assertions, which may allow an attacker to reuse encrypted assertion tokens indefinitely. Recommendation Upgrade to version 2.0.5 or later...

6.8CVSS7.1AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2020/09/03 9:20 p.m.29 views

Authentication Bypass in saml2-js

Versions of saml2-js prior to 2.0.5 are vulnerable to an Authentication Bypass. The package fails to enforce the assertion conditions for encrypted assertions, which may allow an attacker to reuse encrypted assertion tokens indefinitely. Recommendation Upgrade to version 2.0.5 or later...

4.6AI score
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2020/05/13 5:0 p.m.28 views

CVE-2020-5407 Signature Wrapping Vulnerability with spring-security-saml2-service-provider

Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an...

8.9AI score0.01199EPSS
Exploits0References7
vulnersOsv
vulnersOsv
added 2020/05/06 7:41 p.m.6 views

django-saml2-auth (>=1.0.2 <=1.1.4), django-saml2-auth-custom (>=1.0.0 <=1.0.4) +6 more potentially affected by CVE-2020-5390 via pysaml2 (>=4.0.2 <=4.8.0)

pysaml2 PYPI version =4.0.2, =1.0.2, =1.0.0, =0.16.11, =1.1.1, =12.0.2, =0.100.2, =0.6.1, =3.4.8 Source cves: CVE-2020-5390 Source advisory: OSV:GHSA-QF7V-8HJ3-4XW7...

7.5CVSS7.1AI score0.01207EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2020/04/22 8:59 p.m.52 views

Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET

Impact Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the token. There is also support in the Saml2 protocol for issuing tokens that is tied to a subject through other means, e.g. holder-of-key where possession of a private key must...

7.3CVSS1.8AI score0.01086EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2020/04/22 8:59 p.m.29 views

GHSA-9475-XG6M-J7PW Subject Confirmation Method not validated in Saml2 Authentication Services for ASP.NET

Impact Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the token. There is also support in the Saml2 protocol for issuing tokens that is tied to a subject through other means, e.g. holder-of-key where possession of a private key must...

6.5CVSS7AI score0.01086EPSS
Exploits0References5
CNVD
CNVD
added 2020/04/22 12:0 a.m.7 views

Unspecified Vulnerability in Saml2 Authentication services for ASP.NET

Saml2 Authentication services for ASP.NET is a SAML Security Assertion Markup Language authentication service for ASP.NET. A security vulnerability exists in the method of token authentication in Saml2 Authentication services for ASP.NET versions 1.0.2 and 2.0.0 through 2.6.0. An attacker could...

7.3CVSS6.9AI score0.01086EPSS
Exploits0References1
NVD
NVD
added 2020/04/21 5:15 p.m.46 views

CVE-2020-5268

In Saml2 Authentication Services for ASP.NET versions before 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of the token. There is...

7.3CVSS6.5AI score0.01086EPSS
Exploits0References4
Rows per page
Query Builder