| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2020-5225 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | Log injection in SimpleSAMLphp before version 1.18.4. The www/errorepo ... |
| CVE-2018-7711 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 h ... |
| CVE-2018-6520 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open ... |
| CVE-2017-12872 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | The (1) Htpasswd authentication source in the authcrypt module and (2) ... |
| CVE-2017-12871 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAML ... |
| CVE-2017-12870 | vulnerable (no DSA, ignored) | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle ... |
| CVE-2016-9955 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before ... |
| CVE-2016-9814 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | The validateSignature method in the SAML2\Utils class in SimpleSAMLphp ... |
| Bug | Description |
|---|
| CVE-2020-5301 | SimpleSAMLphp versions before 1.18.6 contain an information disclosure ... |
| CVE-2020-5226 | Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/e ... |
| CVE-2019-3465 | Rob Richards XmlSecLibs, all versions prior to v3.0.3, as used for exa ... |
| CVE-2018-7644 | The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp b ... |
| CVE-2018-6521 | The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL ... |
| CVE-2018-6519 | The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1. ... |
| CVE-2017-18122 | A signature-validation bypass issue was discovered in SimpleSAMLphp th ... |
| CVE-2017-18121 | The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable ... |
| CVE-2017-12874 | The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof XM ... |
| CVE-2017-12873 | SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain se ... |
| CVE-2017-12869 | The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows remot ... |
| CVE-2017-12868 | The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleS ... |
| CVE-2017-12867 | The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 an ... |
| CVE-2012-0908 | Cross-site scripting (XSS) vulnerability in logout.php in SimpleSAMLph ... |
| CVE-2012-0040 | Cross-site scripting (XSS) vulnerability in modules/core/www/no_cookie ... |
| CVE-2011-4625 | simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectl ... |