entrouvert 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
公開された問題は バッファオーバーフロー、vendor risk memory corruption, and vendor risk input validation に関連することが多く、vendor surface production workloads and vendor surface software deployment の文脈で vendor impact memory corruption and vendor impact unexpected behavior などの暴露リスクを伴う場合があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-47151 | A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability. | [email protected] | 9.8 | 0.81% | 2025-11-05 | 2026-06-17 |
| CVE-2025-46784 | A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial of service. An attacker can send a malformed SAML response to trigger this vulnerability. | [email protected] | 7.5 | 0.41% | 2025-11-05 | 2026-06-17 |
| CVE-2025-46705 | A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability. | [email protected] | 7.5 | 0.40% | 2025-11-05 | 2026-06-17 |
| CVE-2025-46404 | A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker can send a malformed SAML response to trigger this vulnerability. | [email protected] | 7.5 | 0.41% | 2025-11-05 | 2026-06-17 |
| CVE-2021-28091 | Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. | [email protected] | 7.5 | 1.32% | 2021-06-04 | 2026-06-16 |
| CVE-2015-1783 | The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors. | [email protected] | 7.5 | 3.45% | 2017-08-11 | 2026-06-16 |
| CVE-2009-0050 | Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. | [email protected] | 4.3 | 1.34% | 2009-01-07 | 2026-06-16 |