Vulnerabilities > Pysaml2 Project

DATE CVE VULNERABILITY TITLE RISK
2021-01-21 CVE-2021-21239 Improper Verification of Cryptographic Signature vulnerability in multiple products
PySAML2 is a pure python implementation of SAML Version 2 Standard.
network
low complexity
pysaml2-project debian CWE-347
6.5
2021-01-21 CVE-2021-21238 Improper Verification of Cryptographic Signature vulnerability in Pysaml2 Project Pysaml2
PySAML2 is a pure python implementation of SAML Version 2 Standard.
network
low complexity
pysaml2-project CWE-347
6.5
2020-01-13 CVE-2020-5390 Improper Verification of Cryptographic Signature vulnerability in multiple products
PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW).
network
low complexity
pysaml2-project canonical debian CWE-347
7.5
2018-01-02 CVE-2017-1000433 Improper Authentication vulnerability in multiple products
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled.
network
high complexity
pysaml2-project debian CWE-287
8.1
2017-11-17 CVE-2017-1000246 Use of Insufficiently Random Values vulnerability in Pysaml2 Project Pysaml2
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
network
low complexity
pysaml2-project CWE-330
5.3
2017-03-24 CVE-2016-10149 XXE vulnerability in multiple products
XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.
network
low complexity
pysaml2-project debian CWE-611
7.5
2017-03-03 CVE-2016-10127 XXE vulnerability in Pysaml2 Project Pysaml2
PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.
network
low complexity
pysaml2-project CWE-611
critical
9.0