Search CVE reports
1 – 9 of 9 results
CVE-2023-36661
Medium priority
Some fixes available 1 of 9
Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.)
1 affected package
xmltooling
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
xmltooling | Needs evaluation | Vulnerable | Vulnerable | Vulnerable | Fixed |
CVE-2019-9628
Medium priority
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was...
1 affected package
xmltooling
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
xmltooling | — | — | — | Fixed | Fixed |
CVE-2018-0489
High priority
Some fixes available 2 of 3
Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information...
1 affected package
xmltooling
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
xmltooling | — | — | — | Not affected | Fixed |
CVE-2018-0486
Medium priority
Some fixes available 2 of 4
Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote attackers to obtain sensitive...
1 affected package
xmltooling
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
xmltooling | — | — | — | Not affected | Fixed |
CVE-2015-0851
Medium priority
Some fixes available 2 of 9
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.
2 affected packages
opensaml2, xmltooling
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
opensaml2 | — | — | — | Not affected | Not affected |
xmltooling | — | — | — | Not affected | Not affected |
CVE-2009-3300
Medium priority
Some fixes available 1 of 11
Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative...
4 affected packages
opensaml2, shibboleth-sp, shibboleth-sp2, xmltooling
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
opensaml2 | — | — | — | — | — |
shibboleth-sp | — | — | — | — | — |
shibboleth-sp2 | — | — | — | — | — |
xmltooling | — | — | — | — | — |
CVE-2009-3476
Medium priority
Some fixes available 5 of 9
Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows...
3 affected packages
opensaml, shibboleth-sp, xmltooling
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
opensaml | — | — | — | — | — |
shibboleth-sp | — | — | — | — | — |
xmltooling | — | — | — | — | — |
CVE-2009-3475
Medium priority
Some fixes available 3 of 9
Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and 2.x before 2.2.1, when using PKIX trust validation, does not properly handle a '\0' character in the subject or subjectAltName fields of a certificate, which...
3 affected packages
opensaml, shibboleth-sp, xmltooling
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
opensaml | — | — | — | — | — |
shibboleth-sp | — | — | — | — | — |
xmltooling | — | — | — | — | — |
CVE-2009-3474
Low priority
Some fixes available 5 of 9
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a...
3 affected packages
opensaml, shibboleth-sp, xmltooling
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
opensaml | — | — | — | — | — |
shibboleth-sp | — | — | — | — | — |
xmltooling | — | — | — | — | — |