rpm package
suse/lasso&distro=SUSE Linux Enterprise Server 15 SP5-LTSS
pkg:rpm/suse/lasso&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-47151 | — | < 2.6.1-150200.24.1 | 2.6.1-150200.24.1 | Nov 5, 2025 | A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerabili | ||
| CVE-2025-46404 | — | < 2.6.1-150200.24.1 | 2.6.1-150200.24.1 | Nov 5, 2025 | A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability. | ||
| CVE-2025-46784 | — | < 2.6.1-150200.24.1 | 2.6.1-150200.24.1 | Nov 5, 2025 | A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response | ||
| CVE-2025-46705 | — | < 2.6.1-150200.24.1 | 2.6.1-150200.24.1 | Nov 5, 2025 | A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability. |
- CVE-2025-47151Nov 5, 2025affected < 2.6.1-150200.24.1fixed 2.6.1-150200.24.1
A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerabili
- CVE-2025-46404Nov 5, 2025affected < 2.6.1-150200.24.1fixed 2.6.1-150200.24.1
A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.
- CVE-2025-46784Nov 5, 2025affected < 2.6.1-150200.24.1fixed 2.6.1-150200.24.1
A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response
- CVE-2025-46705Nov 5, 2025affected < 2.6.1-150200.24.1fixed 2.6.1-150200.24.1
A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.