Vulmon
saml project saml vulnerabilities and exploits
CVE-2020-5390 (CVSSv3 7.5)
PySAML2 prior to 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thu...
Affected: Pysaml2 Project Pysaml2; Canonical Ubuntu Linux 16.04, 18.04, 19.04, 19.10; Debian Debian Linux 8.0, 9.0, 10.0
CVE-2023-26267 (CVSSv3 6.5)
php-saml-sp prior to 1.1.1 and 2.x prior to 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD | \LIBXML_DTDATTR.
Affected: Php-saml-sp Project Php-saml-sp
CVE-2021-21238 (CVSSv3 6.5)
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 prior to 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML S...
Affected: Pysaml2 Project Pysaml2
CVE-2021-21239 (CVSSv3 6.5)
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 prior to 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impact...
Affected: Pysaml2 Project Pysaml2; Debian Debian Linux 9.0
CVE-2023-45683 (CVSSv3 6.1)
github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows malicious users to register malicious Service Providers at the IdP and in...
Affected: Saml Project Saml
CVE-2019-3877 (CVSSv3 6.1)
A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as a...
Affected: Mod Auth Mellon Project Mod Auth Mellon; Fedoraproject Fedora 29; Redhat Enterprise Linux 7.0; Canonical Ubuntu Linux 18.04, 18.10
CVE-2023-40178 (CVSSv3 5.3)
Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logg...
Affected: Node Saml Project Node Saml
CVE-2023-26483 (CVSSv3 5.3)
gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables malicious users to craft a `deflate`-compressed request which will consume...
Affected: Gosaml2 Project Gosaml2
CVE-2023-48703 (CVSSv3 NA)
RobotsAndPencils go-saml, a SAML client library written in Go, contains an authentication bypass vulnerability in all known versions. This is due to how the `xmlsec1` command line tool is called internally to verify the signature of SAML assertions. When `xmlsec1` is used without...
CVE-2012-5352 (CVSSv3 NA)
Java Open Single Sign-On Project Home (JOSSO) allows remote malicious users to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."
Affected: Josso Java Open Single Sign-on Project Home