Search CVE reports

1 – 10 of 12 results


CVE-2025-9943

Medium priority
Needs evaluation

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database as storage service....

1 affected package

shibboleth-sp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
shibboleth-sp Needs evaluation Needs evaluation Needs evaluation

CVE-2021-31826

Medium priority

Some fixes available 1 of 3

Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable (for a daemon crash) on systems not using this feature if a crafted cookie is...

1 affected package

shibboleth-sp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
shibboleth-sp Not affected Fixed Not in release

CVE-2021-28963

Medium priority

Some fixes available 1 of 8

Shibboleth Service Provider before 3.2.1 allows content injection because template generation uses attacker-controlled parameters.

2 affected packages

shibboleth-sp, shibboleth-sp2

Package         24.04 LTS       22.04 LTS         20.04 LTS       18.04 LTS
shibboleth-sp   Not affected    Needs evaluation  Fixed           Not in release
shibboleth-sp2  Not in release  Not in release    Not in release  Needs evaluation

CVE-2019-19191

Low priority
Ignored

Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by...

1 affected package

shibboleth-sp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
shibboleth-sp Not affected Not in release

CVE-2010-2450

Medium priority
Ignored

The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the...

2 affected packages

shibboleth-sp2, shibboleth-sp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
shibboleth-sp2
shibboleth-sp

CVE-2017-16852

Medium priority

Some fixes available 2 of 3

shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic MetadataProvider plugin in Shibboleth Service Provider before 2.6.1 fails to properly configure itself with the MetadataFilter plugins and does not perform critical...

1 affected package

shibboleth-sp2

Package         24.04 LTS       22.04 LTS       20.04 LTS       18.04 LTS
shibboleth-sp2  Not in release  Not in release  Not in release  Not affected

CVE-2015-2684

Low priority
Ignored

Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message.

1 affected package

shibboleth-sp2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
shibboleth-sp2 Not affected

CVE-2011-2516

Medium priority

Some fixes available 3 of 16

Off-by-one error in the XML signature feature in Apache XML Security for C++ 1.6.0, as used in Shibboleth before 2.4.3 and possibly other products, allows remote attackers to cause a denial of service (crash) via a signature using...

2 affected packages

xml-security-c, shibboleth-sp2

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
xml-security-c
shibboleth-sp2

CVE-2009-3300

Medium priority

Some fixes available 1 of 11

Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative...

4 affected packages

opensaml2, shibboleth-sp, shibboleth-sp2, xmltooling

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
opensaml2
shibboleth-sp
shibboleth-sp2
xmltooling

CVE-2009-3476

Medium priority

Some fixes available 5 of 9

Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows...

3 affected packages

opensaml, shibboleth-sp, xmltooling

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
opensaml
shibboleth-sp
xmltooling