118 matches found
Astra Linux - уязвимость в python-pysaml2
PySAML2 is a pure Python implementation of the SAML Version 2 Standard. Before version 6.5.0, PySAML2 had a flaw in the verification of cryptographic signatures. This issue affects users of pysaml2 who use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents. PySAML2...
EUVD-2021-0211
Malware in sbrugna...
EUVD-2024-2513
Malicious code in bioql PyPI...
xmlsec1 bug fix and enhancement update
An update is available for xmlsec1. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9.5...
Fedora 37 : libxml2 / xmlsec1 (2022-a6812b0224)
The remote Fedora 37 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2022-a6812b0224 advisory. Update to 2.10.3 Fix CVE-2022-40303 Fix CVE-2022-40304 Tenable has extracted the preceding description block directly from the Fedora security...
xmlsec1 bug fix update
An update is available for xmlsec1. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list XML Security Library is a C library based on LibXML2 and OpenSSL. The library...
RHSA-2017:2492 Red Hat Security Advisory: xmlsec1 security update
Bulletin has no description...
RHSA-2011:0486 Red Hat Security Advisory: xmlsec1 security and bug fix update
Bulletin has no description...
RHSA-2009:1428 Red Hat Security Advisory: xmlsec1 security update
Bulletin has no description...
Authentication Bypass
github.com/RobotsAndPencils/go-saml is vulnerable to an Authentication Bypass. The vulnerability is due to improper configuration of the xmlsec1 tool in the go-saml library, which fails to restrict the origin of the public key used for signature verification. It allows an attacker to sign SAML...
RobotsAndPencils go-saml authentication bypass vulnerability
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
GHSA-6H53-Q94J-348W RobotsAndPencils go-saml authentication bypass vulnerability
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
RobotsAndPencils go-saml authentication bypass vulnerability
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
RHEL 5 : xmlsec1 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - xmlsec1: xmlsec vulnerable to external entity expansion CVE-2017-1000061 Note that Nessus has not tested for this...
RHEL 6 : xmlsec1 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - xmlsec1: xmlsec vulnerable to external entity expansion CVE-2017-1000061 Note that Nessus has not tested for this...
RHEL 5 : xmlsec1 (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - xmlsec1: xmlsec vulnerable to external entity expansion CVE-2017-1000061 Note that Nessus has not tested for this...
CVE-2023-48703
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
Authentication flaw
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
CVE-2023-48703 SAML authentication bypass vulnerability in RobotsAndPencils/go-saml
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...
CVE-2023-48703 SAML authentication bypass vulnerability in RobotsAndPencils/go-saml
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the xmlsec1 command line tool is called internally to verify the signature of SAML assertions. When xmlsec1 is used without defining the enabled...