VYPR

rpm package

suse/lasso&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4

pkg:rpm/suse/lasso&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4

Vulnerabilities (4)

  • CVE-2025-47151Nov 5, 2025
    affected < 2.6.1-150200.24.1fixed 2.6.1-150200.24.1

    A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerabili

  • CVE-2025-46404Nov 5, 2025
    affected < 2.6.1-150200.24.1fixed 2.6.1-150200.24.1

    A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.

  • CVE-2025-46784Nov 5, 2025
    affected < 2.6.1-150200.24.1fixed 2.6.1-150200.24.1

    A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response

  • CVE-2025-46705Nov 5, 2025
    affected < 2.6.1-150200.24.1fixed 2.6.1-150200.24.1

    A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability.