Vulnerabilities > Entrouvert > Lasso > 2.3.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-04 | CVE-2021-28091 | Improper Verification of Cryptographic Signature vulnerability in multiple products Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature. | 7.5 |
| 2017-08-11 | CVE-2015-1783 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access and application crash) via unspecified vectors. | 5.0 |