Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 7 of 7 results


CVE-2021-21239

Medium priority

Some fixes available 6 of 7

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and...

1 affected packages

python-pysaml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pysaml2 Fixed Fixed Fixed Fixed
Show less packages

CVE-2021-21238

Low priority
Vulnerable

PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are...

1 affected packages

python-pysaml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pysaml2 Not affected Vulnerable Vulnerable Vulnerable Vulnerable
Show less packages

CVE-2020-5390

Medium priority
Fixed

PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object...

1 affected packages

python-pysaml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pysaml2 Fixed Fixed
Show less packages

CVE-2017-1000433

Medium priority
Fixed

pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.

1 affected packages

python-pysaml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pysaml2 Fixed
Show less packages

CVE-2017-1000246

Negligible priority
Vulnerable

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

1 affected packages

python-pysaml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pysaml2 Not affected Not affected Not affected Vulnerable Vulnerable
Show less packages

CVE-2016-10149

Medium priority

Some fixes available 2 of 3

XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.

1 affected packages

python-pysaml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pysaml2 Fixed
Show less packages

CVE-2016-10127

Low priority
Ignored

PySAML2 allows remote attackers to conduct XML external entity (XXE) attacks via a crafted SAML XML request or response.

1 affected packages

python-pysaml2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-pysaml2 Not affected Not affected
Show less packages