Lucene search
K

131 matches found

Prion
Prion
added 2018/06/19 5:29 a.m.18 views

Remote code execution

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load instead of yaml.safeload when parsing user data, remote code execution can occur...

6.5CVSS9AI score0.02471EPSS
Exploits0References2Affected Software2
Prion
Prion
added 2018/06/19 5:29 a.m.18 views

Design/Logic Flaw

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml...

4CVSS6.5AI score0.01504EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2018/06/19 5:29 a.m.16 views

CVE-2018-12563

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml...

6.5CVSS6.4AI score0.00889EPSS
Exploits0References1
Prion
Prion
added 2018/06/19 5:29 a.m.11 views

Design/Logic Flaw

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml...

4CVSS6.4AI score0.00889EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/06/19 5:29 a.m.6 views

DEBIAN-CVE-2018-12565

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load instead of yaml.safeload when parsing user data, remote code execution can occur...

8.8CVSS8.3AI score0.02471EPSS
Exploits0References1
OSV
OSV
added 2018/06/19 5:29 a.m.10 views

CVE-2018-12564

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml...

6.5CVSS6.9AI score
Exploits0References3
OSV
OSV
added 2018/06/19 5:29 a.m.5 views

CVE-2018-12563

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml...

6.5CVSS6.7AI score
Exploits0References1
Cvelist
Cvelist
added 2018/06/19 5:0 a.m.22 views

CVE-2018-12564

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml...

6.6AI score0.01504EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/06/19 5:0 a.m.29 views

CVE-2018-12565

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load instead of yaml.safeload when parsing user data, remote code execution can occur...

9AI score0.02471EPSS
Exploits0References2
CVE
CVE
added 2018/06/19 5:0 a.m.58 views

CVE-2018-12563

CVE-2018-12563 (Linaro LAVA) affects LAVA prior to 2018.5.post1. The issue arises from the system’s handling of file: URLs, allowing a user to coerce lava-server-gunicorn to download any file from the filesystem that is readable by lavaserver and presented as valid YAML. This constitutes an arbit...

6.5CVSS6.4AI score0.00889EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/06/19 5:0 a.m.80 views

CVE-2018-12565

CVE-2018-12565 affects Linaro LAVA prior to 2018.5.post1. The root cause is parsing user data with yaml.load() instead of yaml.safe_load(), which can enable remote code execution. Documents do not provide a confirmed exploit method or patches within the LAVA project; no explicit remediation versi...

8.8CVSS8.9AI score0.02471EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/06/19 5:0 a.m.72 views

CVE-2018-12564

CVE-2018-12564 affects LAVA (lava-server) where support for URLs in the submit page can be abused to force lava-server-gunicorn to read arbitrary server files readable by lavaserver and containing valid YAML. Impact per the sources is information disclosure (no explicit compromise of integrity/av...

6.5CVSS6.4AI score0.01504EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/06/19 5:0 a.m.19 views

CVE-2018-12563

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml...

6.4AI score0.00889EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2018/06/19 5:0 a.m.19 views

CVE-2018-12563

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml...

6.5CVSS6.4AI score0.00889EPSS
Exploits0
Debian CVE
Debian CVE
added 2018/06/19 5:0 a.m.20 views

CVE-2018-12564

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml...

6.5CVSS6.3AI score0.01504EPSS
Exploits0
Debian CVE
Debian CVE
added 2018/06/19 5:0 a.m.20 views

CVE-2018-12565

An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load instead of yaml.safeload when parsing user data, remote code execution can occur...

8.8CVSS7.2AI score0.02471EPSS
Exploits0
CNVD
CNVD
added 2018/06/19 12:0 a.m.3 views

Linaro LAVA Remote Code Execution Vulnerability

Linaro LAVA is an automated verification system. The system is primarily used to test the deployment of device systems based on ARM cores. A security vulnerability exists in Linaro LAVA versions prior to 2018.5.post1, which stems from the program using the 'yaml.load' function instead of the...

8.8CVSS6.9AI score0.02471EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/19 12:0 a.m.2 views

Linaro LAVA Information Disclosure Vulnerability

Linaro LAVA is an automated verification system. The system is primarily used to test the deployment of device systems based on ARM cores. A security vulnerability exists in Linaro LAVA versions prior to 2018.5.post1. An attacker can exploit this vulnerability by forging an HTTP request to force...

6.5CVSS6.3AI score0.01504EPSS
Exploits0References1
CNVD
CNVD
added 2018/06/19 12:0 a.m.3 views

Linaro LAVA Arbitrary File Download Vulnerability

Linaro LAVA is an automated verification system. The system is primarily used to test the deployment of device systems based on ARM cores. A security vulnerability exists in Linaro LAVA versions prior to 2018.5.post1, which stems from the program's support for file: URLs.An attacker could use thi...

6.5CVSS6.5AI score0.00889EPSS
Exploits0References1
NVD
NVD
added 2018/01/02 5:29 p.m.17 views

CVE-2017-1000413

Linaro's open source TEE solution called OP-TEE, version 2.4.0 and older is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key...

5.9CVSS5.7AI score0.01565EPSS
Exploits0References3
Rows per page
Query Builder