Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
simplesamlphp simplesamlphp vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2011-4625
simplesamlphp prior to 1.6.3 (squeeze) and prior to 1.8.2 (sid) incorrectly handles XML encryption which could allow remote malicious users to decrypt or forge messages.
Simplesamlphp Simplesamlphp
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
5
CVSSv2
CVE-2018-17189
In Apache HTTP server versions 2.4.37 and prior, by sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 (mod_http2) connections.
Apache Http Server 2.4.20
Apache Http Server 2.4.23
Apache Http Server 2.4.25
Apache Http Server 2.4.26
Apache Http Server 2.4.18
Apache Http Server 2.4.17
Apache Http Server 2.4.27
Apache Http Server 2.4.29
Apache Http Server 2.4.28
Apache Http Server 2.4.33
Apache Http Server 2.4.37
Apache Http Server 2.4.30
Apache Http Server 2.4.34
Apache Http Server 2.4.35
Netapp Santricity Cloud Connector -
Netapp Storage Automation Store -
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Debian Debian Linux 9.0
Oracle Retail Xstore Point Of Service 7.1
Oracle Retail Xstore Point Of Service 7.0
Oracle Hospitality Guest Access 4.2.0
2 Github repositories
5
CVSSv2
CVE-2018-17199
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.
Apache Http Server
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Netapp Santricity Cloud Connector -
Netapp Storage Automation Store -
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Oracle Enterprise Manager Ops Center 12.3.3
5
CVSSv2
CVE-2018-7644
The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp prior to 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote malicious user to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically v...
Simplesamlphp Simplesamlphp
5
CVSSv2
CVE-2018-6519
The SAML2 library prior to 1.10.4, 2.x prior to 2.3.5, and 3.x prior to 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp.
Simplesamlphp Saml2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5
CVSSv2
CVE-2017-12874
The InfoCard module 1.0 for SimpleSAMLphp allows malicious users to spoof XML messages by leveraging an incorrect check of return values in signature validation utilities.
Simplesamlphp Infocard Module 1.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5
CVSSv2
CVE-2017-12869
The multiauth module in SimpleSAMLphp 1.14.13 and previous versions allows remote malicious users to bypass authentication context restrictions and use an authentication source defined in config/authsources.php via vectors related to improper validation of user input.
Simplesamlphp Simplesamlphp
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5
CVSSv2
CVE-2016-3124
The sanitycheck module in SimpleSAMLphp prior to 1.14.1 allows remote malicious users to learn the PHP version on the system via unspecified vectors.
Simplesamlphp Simplesamlphp
4.3
CVSSv2
CVE-2021-21704
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid respon...
Php Php
Netapp Clustered Data Ontap -
4.3
CVSSv2
CVE-2021-38320
The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simplesamlphp-authentication.php file which allows malicious users to inject arbitrary web scripts, in versions up to...
Simplesamlphp Authentication Project Simplesamlphp Authentication
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »