The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Shibboleth Service Provider

2 XMLTooling: denial of service via Malformed XML Declaration
An attacker can trigger a fatal error via Malformed XML Declaration of XMLTooling, in order to trigger a denial of service...
CVE-2019-9628, DLA-1710-1, DSA-4407-1, openSUSE-SU-2019:1235-1, openSUSE-SU-2019:1276-1, SUSE-SU-2019:0928-1, SUSE-SU-2019:0929-1, USN-3921-1, VIGILANCE-VUL-28709
3 Shibboleth Service Provider: denial of service via Malformed Date/Time
An attacker can generate a fatal error via Malformed Date/Time of Shibboleth Service Provider, in order to trigger a denial of service...
VIGILANCE-VUL-28060
2 Apache XML Security for C++: NULL pointer dereference via KeyInfo
An attacker can force a NULL pointer to be dereferenced via KeyInfo of Apache XML Security for C++, in order to trigger a denial of service...
DLA-1458-1, DSA-4265-1, SANTUARIO-491, VIGILANCE-VUL-26907
3 Shibboleth Service Provider: signed data tampering
An attacker can tamper with an SAML document to be processed by Shibboleth Service Provider to reduce the scope of the cryptographic signature and so to become able to change the document, in order to raise his privileges...
CVE-2018-0489, DLA-1296-1, DSA-4126-1, openSUSE-SU-2018:0738-1, VIGILANCE-VUL-25384, VU#475445
3 XMLTooling-C: privilege escalation via DTD Processing
An attacker can bypass restrictions via DTD Processing of XMLTooling-C, in order to escalate his privileges...
CVE-2018-0486, DLA-1242-1, DSA-4085-1, openSUSE-SU-2018:0158-1, openSUSE-SU-2018:0738-1, SA43877, SUSE-SU-2018:0140-1, VIGILANCE-VUL-25037
2 curl: three vulnerabilities
An attacker can use several vulnerabilities of curl...
bulletinapr2018, bulletinoct2018, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, DLA-1195-1, DSA-4051-1, FEDORA-2017-0c062324cd, FEDORA-2017-45bdf4dace, HT208465, HT208692, JSA10874, openSUSE-SU-2018:0161-1, RHSA-2018:3558-01, STORM-2019-002, USN-3498-1, USN-3498-2, VIGILANCE-VUL-24564
2 Shibboleth Service Provider: privilege escalation via Dynamic MetadataProvider Security Filters
An attacker can bypass restrictions via Dynamic MetadataProvider Security Filters of Shibboleth Service Provider, in order to escalate his privileges...
CVE-2017-16852, DLA-1179-1, DSA-4038-1, openSUSE-SU-2017:3229-1, SUSE-SU-2017:3215-1, VIGILANCE-VUL-24444
3 Curl: multiple vulnerabilities
An attacker can use several vulnerabilities of Curl...
2001818, 2009692, bulletinapr2018, CERTFR-2019-AVI-325, cpuoct2018, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, DLA-711-1, DSA-2019-114, DSA-3705-1, FEDORA-2016-e8e8cdb4ed, HT207423, JSA10874, JSA10951, K01006862, K10196624, K26899353, K44503763, K46123931, K52828640, MIGR-5099570, openSUSE-SU-2016:2768-1, RHSA-2018:3558-01, SSA:2016-308-01, STORM-2019-002, SUSE-SU-2016:2699-1, SUSE-SU-2016:2714-1, USN-3123-1, VIGILANCE-VUL-20989
2 OpenSSL: denial of service via SSL3_AL_WARNING
An attacker can send SSL3_AL_WARNING packets to an SSLv3 application linked to OpenSSL, in order to trigger a denial of service...
1996096, 2000095, 2003480, 2003620, 2003673, 2004940, 2009389, bulletinoct2016, cpujul2019, CVE-2016-8610, DLA-814-1, DSA-3773-1, FEDORA-2017-3451dbec48, FEDORA-2017-e853b4144f, FreeBSD-SA-16:35.openssl, HPESBHF03897, JSA10808, JSA10809, JSA10810, JSA10811, JSA10813, JSA10814, JSA10816, JSA10817, JSA10818, JSA10820, JSA10821, JSA10822, JSA10825, openSUSE-SU-2017:0386-1, openSUSE-SU-2017:0487-1, openSUSE-SU-2018:4104-1, PAN-SA-2017-0017, pfSense-SA-17_03.webgui, RHSA-2017:0286-01, RHSA-2017:0574-01, RHSA-2017:1548-01, RHSA-2017:1549-01, RHSA-2017:1550-01, RHSA-2017:1551-01, RHSA-2017:1552-01, RHSA-2017:1658-01, RHSA-2017:1659-01, RHSA-2017:2493-01, RHSA-2017:2494-01, SA40886, SP-CAAAPUE, SPL-129207, SUSE-SU-2017:0304-1, SUSE-SU-2017:0348-1, SUSE-SU-2018:0112-1, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2018:3964-1, SUSE-SU-2018:3994-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:1553-1, USN-3181-1, USN-3183-1, USN-3183-2, VIGILANCE-VUL-20941
2 OpenSSL 1.0.2i: NULL pointer dereference via CRL
An attacker can force a NULL pointer to be dereferenced via a CRL on an application linked to OpenSSL 1.0.2i, in order to trigger a denial of service...
1996096, 2000095, 2000209, 2003480, 2003620, 2003673, 2008828, CERTFR-2016-AVI-333, cisco-sa-20160927-openssl, cpuapr2017, cpujan2018, cpuoct2017, CVE-2016-7052, FEDORA-2016-97454404fe, FEDORA-2016-a555159613, FreeBSD-SA-16:27.openssl, HPESBHF03856, JSA10759, openSUSE-SU-2016:2496-1, openSUSE-SU-2018:0458-1, SA132, SB10171, SP-CAAAPUE, SPL-129207, SSA:2016-270-01, SUSE-SU-2016:2470-1, SUSE-SU-2016:2470-2, SUSE-SU-2019:14246-1, TNS-2016-16, VIGILANCE-VUL-20701
Our database contains other pages. You can request a free trial to read them.

Display information about Shibboleth Service Provider: