rpm package
suse/lasso&distro=SUSE Linux Enterprise Module for Server Applications 15 SP6
pkg:rpm/suse/lasso&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-47151 | — | | | < 2.8.2-150600.3.5.1 | 2.8.2-150600.3.5.1 | Nov 5, 2025 | A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerabili |
| CVE-2025-46404 | — | | | < 2.8.2-150600.3.5.1 | 2.8.2-150600.3.5.1 | Nov 5, 2025 | A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability. |
| CVE-2025-46705 | — | | | < 2.8.2-150600.3.5.1 | 2.8.2-150600.3.5.1 | Nov 5, 2025 | A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability. |