Lucene search
+L
EntrouvertLasso

7 matches found

CVE
CVE
added 2021/06/04 2:39 p.m.229 views

CVE-2021-28091

CVE-2021-28091 affects the Lasso library. All versions prior to 2.7.0 are vulnerable due to improper verification of a cryptographic signature in SAML/XML signature processing, which can allow manipulation of SAML responses and potential impersonation. Remediation is to upgrade to version 2.7.0 o...

7.5CVSS7.2AI score0.01325EPSS
CVE
CVE
added 2009/01/07 6:0 p.m.83 views

CVE-2009-0050

Technical details for CVE-2009-0050 are not publicly available in the provided documents. Monitor for updates.

4.3CVSS7.1AI score0.01336EPSS
CVE
CVE
added 2017/08/11 9:0 p.m.55 views

CVE-2015-1783

The CVE-2015-1783 entry concerns the Lasso library. The root cause is a flaw in the get_or_define_ns function where the prefix variable can lead to uninitialized memory access, enabling a remote attacker to trigger a denial of service via unspecified vectors, resulting in an application crash. Th...

7.5CVSS7.2AI score0.0345EPSS
CVE
CVE
added 2025/11/05 2:57 p.m.47 views

CVE-2025-47151

CVE-2025-47151 is a type confusion vulnerability in Entr'ouvert Lasso (lasso_node_impl_init_from_xml) that can allow arbitrary code execution via a crafted SAML response. Affected versions include Lasso 2.5.1 and 2.8.2, with exploitation via network input that does not require user interaction. T...

9.8CVSS7.5AI score0.00817EPSS
CVE
CVE
added 2025/11/05 2:56 p.m.39 views

CVE-2025-46404

CVE-2025-46404 affects the lasso library’s SAML handling (lasso_provider_verify_saml_signature) and can cause denial of service via malformed SAML inputs. Connected advisories confirm multiple distributions issuing fixes: Debian DLA-4397-1 fixes lasso to 2.6.1-3+deb11u1; openSUSE openSUSE-SU-2025...

7.5CVSS6.5AI score0.0046EPSS
CVE
CVE
added 2025/11/05 2:56 p.m.27 views

CVE-2025-46784

The connected advisories confirm CVE-2025-46404, CVE-2025-46705, CVE-2025-46784 and CVE-2025-47151 affect the lasso library (Entr'ouvert Lasso / liblasso) used for Liberty/SAML processing. Descriptions show a mix of denial-of-service via malformed SAML responses causing memory depletion or crashe...

7.5CVSS6.5AI score0.0046EPSS
CVE
CVE
added 2025/11/05 2:56 p.m.25 views

CVE-2025-46705

CVE-2025-46705 affects Entr'ouvert Lasso (notably 2.5.1 and 2.8.2). A malformed SAML assertion/response can trigger denial of service. Connected advisories (Debian, openSUSE/SUSE, Ubuntu) confirm multiple Lasso CVEs (including 46404, 46784, 47151) with fixes in various package versions (e.g., Deb...

7.5CVSS6.5AI score0.00444EPSS