RSS   Vulnerabilities for 'Lasso'   RSS

2021-06-04
 
CVE-2021-28091

CWE-347
 

 
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.

 
2017-08-11
 
CVE-2015-1783

 

 
The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors.

 
2009-01-07
 
CVE-2009-0050

CWE-20
 

 
Lasso 2.2.1 and earlier does not properly check the return value from the OpenSSL DSA_verify function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077.

 


Copyright 2021, cxsecurity.com

 

Back to Top