Search CVE reports
1 – 9 of 9 results
CVE-2023-36661
Medium prioritySome fixes available 1 of 9
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)
1 affected packages
xmltooling
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| xmltooling | Needs evaluation | Vulnerable | Vulnerable | Vulnerable | Fixed |
CVE-2019-9628
Medium priorityThe XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was...
1 affected packages
xmltooling
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| xmltooling | — | — | — | Fixed | Fixed |
CVE-2018-0489
High prioritySome fixes available 2 of 3
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information...
1 affected packages
xmltooling
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| xmltooling | — | — | — | Not affected | Fixed |
CVE-2018-0486
Medium prioritySome fixes available 2 of 4
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive...
1 affected packages
xmltooling
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| xmltooling | — | — | — | Not affected | Fixed |
CVE-2015-0851
Medium prioritySome fixes available 2 of 9
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.
2 affected packages
opensaml2, xmltooling
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| opensaml2 | — | — | — | Not affected | Not affected |
| xmltooling | — | — | — | Not affected | Not affected |
CVE-2009-3300
Medium prioritySome fixes available 1 of 11
Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative...
4 affected packages
opensaml2, shibboleth-sp, shibboleth-sp2, xmltooling
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| opensaml2 | — | — | — | — | — |
| shibboleth-sp | — | — | — | — | — |
| shibboleth-sp2 | — | — | — | — | — |
| xmltooling | — | — | — | — | — |
CVE-2009-3476
Medium prioritySome fixes available 5 of 9
Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows...
3 affected packages
opensaml, shibboleth-sp, xmltooling
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| opensaml | — | — | — | — | — |
| shibboleth-sp | — | — | — | — | — |
| xmltooling | — | — | — | — | — |
CVE-2009-3475
Medium prioritySome fixes available 3 of 9
Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which...
3 affected packages
opensaml, shibboleth-sp, xmltooling
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| opensaml | — | — | — | — | — |
| shibboleth-sp | — | — | — | — | — |
| xmltooling | — | — | — | — | — |
CVE-2009-3474
Low prioritySome fixes available 5 of 9
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a...
3 affected packages
opensaml, shibboleth-sp, xmltooling
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| opensaml | — | — | — | — | — |
| shibboleth-sp | — | — | — | — | — |
| xmltooling | — | — | — | — | — |