Lucene search
K

16 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-19072

Malware in sbrugna...

7.7CVSS7.8AI score0.00934EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-0118

Malware in sbrugna...

9.8CVSS8.5AI score0.04636EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/05/22 1:28 p.m.6 views

CVE-2018-7340

Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

7.7CVSS7AI score0.00934EPSS
Exploits1References1
Ubuntu
Ubuntu
added 2025/02/28 5:30 p.m.20 views

USN-7309-1: Ruby SAML vulnerabilities

It was discovered that Ruby SAML did not properly validate SAML responses. An unauthenticated attacker could use this vulnerability to log in as an abitrary user. This issue only affected Ubuntu 16.04 LTS. CVE-2016-5697 It was discovered that Ruby SAML incorrectly utilized the results of XML DOM...

10CVSS8.3AI score0.10684EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2025/02/05 6:17 p.m.14 views

CVE-2017-11429

Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to...

9.8CVSS6.9AI score0.02381EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:17 p.m.11 views

CVE-2017-11430

OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass...

9.8CVSS6.8AI score0.02415EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:17 p.m.9 views

CVE-2017-11427

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

9.8CVSS6.8AI score0.04636EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:17 p.m.14 views

CVE-2017-11428

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...

9.8CVSS6.8AI score0.02512EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2022/05/13 1:2 a.m.16 views

Wizkunde SAMLBase SAML Bypass

Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service...

7.5CVSS8.1AI score0.0166EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2019/07/05 9:11 p.m.33 views

Python-saml allows manipulation of SAML data without invalidation of cryptographic signature

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

9.8CVSS9AI score0.04636EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2019/04/17 3:29 p.m.23 views

Authentication flaw

Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

5CVSS8.1AI score0.00934EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2019/04/17 2:29 p.m.16 views

PYSEC-2019-198

OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...

9.8CVSS4.9AI score0.04636EPSS
Exploits1References3
Prion
Prion
added 2019/04/17 2:29 p.m.15 views

Authentication flaw

Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to...

7.5CVSS9.5AI score0.02381EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2019/04/17 2:29 p.m.33 views

CVE-2017-11430

OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass...

9.8CVSS8.8AI score0.02415EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2019/04/17 2:29 p.m.25 views

CVE-2017-11428

OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication...

9.8CVSS7.1AI score0.02512EPSS
Exploits1References4
NVD
NVD
added 2018/07/24 3:29 p.m.9 views

CVE-2018-5387

Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service...

7.5CVSS7.6AI score0.0166EPSS
Exploits1References4
Rows per page
Query Builder