| CVE-2016-9814 | critical | 9.1 | 9.1 | | | | 9y ago | The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers … |
| CVE-2025-27773 | unknown | — | — | | | | 1y ago | The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An at… |
| CVE-2024-52806 | unknown | — | — | | | | 2y ago | SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerabilit… |
| CVE-2023-49087 | unknown | — | — | | | | 3y ago | Validation of SignedInfo |
| CVE-2018-7711 | unknown | — | — | | | | 4y ago | HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures acce… |
| CVE-2018-6519 | unknown | — | — | | | | 4y ago | The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 in SimpleSAMLphp has a Regular Expression Denial of Service vulnerability for fraction-of-seconds data in a timestamp. |
| CVE-2018-7644 | unknown | — | — | | | | 4y ago | The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion… |