Lucene search
K

11 matches found

OSV
OSV
added 2025/12/11 6:44 p.m.7 views

CLSA-2025-1765478656 lasso: Fix of CVE-2025-47151

CVE-2025-47151: fix type confusion vulnerability in the lassonodeimplinitfromxml functionality...

9.8CVSS5.8AI score0.00824EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2025/11/17 12:47 a.m.18 views

lasso: Type confusion in Entr'ouvert Lasso

A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.8.2 and prior. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

9.8CVSS6.1AI score0.00824EPSS
Exploits1References6
SUSE Linux
SUSE Linux
added 2025/11/13 11:34 p.m.2 views

Security update for lasso

This update for lasso fixes the following issues: CVE-2025-46784: Fixed memory exhaustion in Entr'ouvert Lasso bsc1253094 CVE-2025-46404: Fixed denial of service in Entr'ouvert Lasso bsc1253092 CVE-2025-46705: Fixed denial of service in Entr'ouvert Lasso bsc1253093 CVE-2025-47151: Fixed type...

9.8CVSS7AI score0.00824EPSS
Exploits4References16
SUSE Linux
SUSE Linux
added 2025/11/13 1:3 p.m.3 views

Security update for lasso

This update for lasso fixes the following issues: CVE-2025-46784: Fixed memory exhaustion in Entr'ouvert Lasso bsc1253094 CVE-2025-46404: Fixed denial of service in Entr'ouvert Lasso bsc1253092 CVE-2025-46705: Fixed denial of service in Entr'ouvert Lasso bsc1253093 CVE-2025-47151: Fixed type...

9.8CVSS6.5AI score0.00824EPSS
Exploits4References16
SUSE CVE
SUSE CVE
added 2025/11/07 12:25 a.m.4 views

SUSE CVE-2025-47151

A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

9.8CVSS7.8AI score0.00824EPSS
Exploits1References10
Vulnrichment
Vulnrichment
added 2025/11/05 2:57 p.m.5 views

CVE-2025-47151

A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

9.8CVSS7.5AI score0.00824EPSS
Exploits1References1
CVE
CVE
added 2025/11/05 2:57 p.m.45 views

CVE-2025-47151

CVE-2025-47151 is a type confusion vulnerability in Entr'ouvert Lasso (lasso_node_impl_init_from_xml) that can allow arbitrary code execution via a crafted SAML response. Affected versions include Lasso 2.5.1 and 2.8.2, with exploitation via network input that does not require user interaction. T...

9.8CVSS7.5AI score0.00824EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2025/11/05 2:57 p.m.2 views

CVE-2025-47151

A type confusion vulnerability exists in the lassonodeimplinitfromxml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...

9.8CVSS8.4AI score0.00824EPSS
Exploits1
CVE
CVE
added 2025/11/05 2:56 p.m.26 views

CVE-2025-46784

The connected advisories confirm CVE-2025-46404, CVE-2025-46705, CVE-2025-46784 and CVE-2025-47151 affect the lasso library (Entr'ouvert Lasso / liblasso) used for Liberty/SAML processing. Descriptions show a mix of denial-of-service via malformed SAML responses causing memory depletion or crashe...

7.5CVSS6.5AI score0.0046EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/11/05 2:56 p.m.3 views

CVE-2025-46784

A denial of service vulnerability exists in the lassonodeinitfrommessagewithformat functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerabili...

7.5CVSS6.5AI score0.0046EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2025/11/05 2:56 p.m.3 views

CVE-2025-46784

A denial of service vulnerability exists in the lassonodeinitfrommessagewithformat functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerabili...

7.5CVSS5.3AI score0.0046EPSS
Exploits1
Rows per page
Query Builder