582 matches found
Fedora 29 : php-robrichards-xmlseclibs3 (2019-be01267416)
3.0.4 CVE-2019-3465 / https://simplesamlphp.org/security/201911-01 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Signature validation bypass in XmlSecLibs
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...
GHSA-PQM6-CGWR-X6PF Signature validation bypass in XmlSecLibs
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...
GHSA-852Q-XXJ4-X2RX SQL Injection in SimpleSAMLphp
The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php...
SQL Injection in SimpleSAMLphp
The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php...
CVE-2019-3465
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...
CVE-2019-3465
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...
DEBIAN-CVE-2019-3465
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...
Input validation
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...
CVE-2019-3465
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...
CVE-2019-3465
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...
CVE-2019-3465
Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for example by SimpleSAMLphp, performed incorrect validation of cryptographic signatures in XML messages, allowing an authenticated attacker to impersonate others or elevate privileges by creating a crafted XML message...
CVE-2019-3465
CVE-2019-3465 affects Rob Richards XmlSecLibs (all versions before 3.0.3) used by SimpleSAMLphp, where XML signature validation is incorrect. An authenticated attacker can impersonate others or elevate privileges via crafted XML messages. The issue is mitigated by upgrading XmlSecLibs to v3.0.3 o...
SimpleSAMLphp Input Validation Error Vulnerability
SimpleSAMLphp is a set of PHP authentication applications that implement the SAML 2.0 service provider and identity provider features . A security vulnerability exists in SimpleSAMLphp that stems from the program's failure to properly validate cryptographic signatures in XML files. An attacker ca...
Debian: Security Advisory (DSA-4560-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-1983-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-4560-1 : simplesamlphp - security update
It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...
Debian DLA-1983-1 : simplesamlphp security update
It was discovered that in SimpleSAMLphp, an implementation of the SAML 2.0 protocol, it was possible to circumvent XML signature verification on SAML messages. For Debian 8 'Jessie', this problem has been fixed in version 1.13.1-2+deb8u3. We recommend that you upgrade your simplesamlphp packages...
CVE-2011-4625
simplesamlphp before 1.6.3 squeeze and before 1.8.2 sid incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages...
CVE-2011-4625
simplesamlphp before 1.6.3 squeeze and before 1.8.2 sid incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages...