| CVE-2021-21239 | critical | — | 9.5 | | | | 5y ago | PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default C… |
| CVE-2021-21238 | critical | — | 9.5 | | | | 5y ago | PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to valid… |
| CVE-2016-10127 | critical | 9.0 | 9.0 | | | | 9y ago | PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response. |
| CVE-2016-10149 | high | 7.5 | 7.5 | | | | 9y ago | XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response. |
| CVE-2017-1000246 | medium | 5.3 | 5.3 | | | | 9y ago | Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. |
| CVE-2020-5390 | unknown | — | — | | | | 6y ago | PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature in… |
| CVE-2017-1000433 | unknown | — | — | | | | 8y ago | pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password. |