Package impact

php Packagist / simplesamlphp/simplesamlphp

| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2016-9955 | medium | 6.3 | 6.3 | 9y ago | The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before 1.14.11 might allow remote attackers to spoof signatures on SAML 1 responses or possibly cause a denial of service (memory consu… | debian, php |
| CVE-2017-12872 | medium | 5.9 | 5.9 | 9y ago | The (1) Htpasswd authentication source in the authcrypt module and (2) SimpleSAML_Session class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by l… | debian, php |
| CVE-2017-12871 | medium | 5.9 | 5.9 | 9y ago | The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.x through 1.14.11 makes it easier for context-dependent attackers to bypass the encryption protection mechanism by lever… | debian, php |
| CVE-2017-12870 | medium | 5.9 | 5.9 | 9y ago | SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Cry… | debian, php |
| CVE-2017-12867 | medium | 5.9 | 5.9 | 9y ago | The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 and earlier allows attackers with access to a secret token to extend its validity period by manipulating the prepended time offset. | debian, php |
| CVE-2016-3124 | medium | 5.3 | 5.3 | 9y ago | The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote attackers to learn the PHP version on the system via unspecified vectors. | debian, php |