Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
shibboleth shibboleth-sp vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-31826
Shibboleth Service Provider 3.x prior to 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is supplied.
Shibboleth Service Provider
7.5
CVSSv3
CVE-2010-2450
The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key ...
Shibboleth Service Provider 2.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
NA
CVE-2015-0851
XMLTooling-C prior to 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote malicious users to cause a denial of service (crash) via schema-invalid XML data.
Xmltooling Project Xmltooling
NA
CVE-2011-2516
Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth prior to 2.4.3 and possibly other products, allows remote malicious users to cause a denial of service (crash) via a signature using a large RSA key, which triggers a buffer ...
Apache Xml Security For C\\+\\+ 1.6.0
Shibboleth Shibboleth-sp 1.3.2
Shibboleth Shibboleth-sp 1.3.3
Shibboleth Shibboleth-sp
Shibboleth Shibboleth-sp 2.4.1
Shibboleth Shibboleth-sp 1.3.4
Shibboleth Shibboleth-sp 2.2
Shibboleth Shibboleth-sp 2.1
Shibboleth Shibboleth-sp 1.3f
Shibboleth Shibboleth-sp 2.0
Shibboleth Shibboleth-sp 2.4
Shibboleth Shibboleth-sp 2.2.1
Shibboleth Shibboleth-sp 2.3.1
Shibboleth Shibboleth-sp 2.3
Shibboleth Shibboleth-sp 1.3.1
Shibboleth Shibboleth-sp 1.3.5
NA
CVE-2009-3300
Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x prior to 1.3.4 and 2.x prior to 2.1.5, and the Service Provider 1.3.x prior to 1.3.5 and 2.x prior to 2.3, in Internet2 Middleware Initiative Shibboleth allow remote malicious users to inject...
Internet2 Identity Provider 2.1.2
Internet2 Identity Provider 2.1.3
Internet2 Service Provider 2.2
Internet2 Service Provider 2.1
Internet2 Identity Provider 1.3.1
Internet2 Identity Provider 1.3
Internet2 Service Provider 1.3.1
Internet2 Service Provider 1.3.2
Internet2 Identity Provider 1.3.3
Internet2 Identity Provider 1.3.2
Internet2 Identity Provider 2.1.4
Internet2 Service Provider 1.3
Internet2 Identity Provider 2.1.0
Internet2 Identity Provider 2.1.1
Internet2 Service Provider 1.3.3
Internet2 Service Provider 2.0
NA
CVE-2009-3474
OpenSAML 2.x prior to 2.2.1 and XMLTooling 1.x prior to 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x prior to 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote malicious users to use a certificate for both signing and encrypti...
Internet2 Opensaml 2.1.0
Internet2 Xmltooling 1.2.0
Internet2 Opensaml 2.2.0
Internet2 Opensaml 2.0
Internet2 Xmltooling 1.0.1
Internet2 Xmltooling 1.1.0
Internet2 Xmltooling 1.1.1
Internet2 Shibboleth-sp 2.2
Internet2 Shibboleth-sp 2.1
Internet2 Shibboleth-sp 1.3.1
Internet2 Shibboleth-sp 2.0
Internet2 Shibboleth-sp 1.3f
Internet2 Shibboleth-sp 1.3b
Internet2 Shibboleth-sp 1.3.2
NA
CVE-2009-3475
Internet2 Shibboleth Service Provider software 1.3.x prior to 1.3.3 and 2.x prior to 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which allows remote man-in-the-middle malici...
Internet2 Shibboleth-sp 2.0
Internet2 Shibboleth-sp 1.3.1
Internet2 Shibboleth-sp 1.3f
Internet2 Shibboleth-sp 2.2
Internet2 Shibboleth-sp 2.1
Internet2 Shibboleth-sp 1.3.2
NA
CVE-2009-3476
Buffer overflow in OpenSAML prior to 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x prior to 1.3.4, and XMLTooling prior to 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x prior to 2.2.1, allows remote malicious users to cause a denial o...
Internet2 Shibboleth-sp 1.3.2
Internet2 Shibboleth-sp 1.3.3
Internet2 Shibboleth-sp 1.3.1
Internet2 Shibboleth-sp 1.3f
Internet2 Opensaml 1.1
Internet2 Opensaml 1.1.1
Internet2 Xmltooling 1.1.0
Internet2 Xmltooling 1.0.1
Internet2 Xmltooling 1.1.1
Internet2 Xmltooling 1.2.0
Internet2 Xmltooling 1.2.1
Internet2 Shibboleth-sp 2.0
Internet2 Shibboleth-sp 2.1
Internet2 Shibboleth-sp 2.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started