linaro lava vulnerabilities and exploits
NA
CVE-2022-45132
In Linaro Automated Validation Architecture (LAVA) prior to 2022.11.1, remote code execution can be achieved through a user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can b...
Linaro Lava
4
CVSSv2
CVE-2018-12563
An issue exists in Linaro LAVA prior to 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml.
Linaro Lava
6.5
CVSSv2
CVE-2018-12565
An issue exists in Linaro LAVA prior to 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.
Linaro Lava
Debian Debian Linux 9.0
NA
CVE-2022-42902
In Linaro Automated Validation Architecture (LAVA) prior to 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.
Linaro Lava
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2022-44641
In Linaro Automated Validation Architecture (LAVA) prior to 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.
Linaro Lava
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4
CVSSv2
CVE-2018-12564
An issue exists in Linaro LAVA prior to 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml.
Linaro Lava
Debian Debian Linux 8.0
Debian Debian Linux 9.0