Lucene search
K

131 matches found

Tenable Nessus
Tenable Nessus
added 2023/01/14 12:0 a.m.34 views

Debian DSA-5318-1 : lava - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5318 advisory. Igor Ponomarev discovered that LAVA, a continuous integration system for deploying operating systems onto physical and virtual hardware for running tests, was suspectible ...

6.5CVSS6.4AI score0.00972EPSS
Exploits0References6
NVD
NVD
added 2022/11/18 11:15 p.m.26 views

CVE-2022-45132

In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...

9.8CVSS0.01859EPSS
Exploits1References2
OSV
OSV
added 2022/11/18 11:15 p.m.9 views

CVE-2022-45132

In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...

9.8CVSS7.6AI score
Exploits0References2
Prion
Prion
added 2022/11/18 11:15 p.m.22 views

Remote code execution

In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...

7.5CVSS9.7AI score0.01859EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2022/11/18 9:15 p.m.16 views

CVE-2022-44641

In Linaro Automated Validation Architecture LAVA before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service...

6.5CVSS0.00972EPSS
Exploits0References3
OSV
OSV
added 2022/11/18 9:15 p.m.7 views

CVE-2022-44641

In Linaro Automated Validation Architecture LAVA before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service...

6.5CVSS6.3AI score
Exploits0References3
Prion
Prion
added 2022/11/18 9:15 p.m.16 views

Denial of service

In Linaro Automated Validation Architecture LAVA before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service...

4CVSS6.3AI score0.00972EPSS
Exploits0References3Affected Software2
Vulnrichment
Vulnrichment
added 2022/11/18 12:0 a.m.6 views

CVE-2022-45132

In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...

8.1AI score0.01859EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/11/18 12:0 a.m.37 views

CVE-2022-44641

In Linaro Automated Validation Architecture LAVA before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service...

6.5AI score0.00972EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/11/18 12:0 a.m.28 views

CVE-2022-45132

In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...

10AI score0.01859EPSS
Exploits1References2
CVE
CVE
added 2022/11/18 12:0 a.m.73 views

CVE-2022-44641

Summary: CVE-2022-44641 concerns LAVA (Linaro Automated Validation Architecture) where a user with valid credentials can submit crafted XMLRPC requests that trigger recursive XML entity expansion, causing memory exhaustion on the server and resulting in a Denial of Service. Impact and scope: The ...

6.5CVSS6.2AI score0.00972EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/18 12:0 a.m.7 views

CVE-2022-44641

In Linaro Automated Validation Architecture LAVA before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service...

6.3AI score0.00972EPSS
Exploits0References3
CVE
CVE
added 2022/11/18 12:0 a.m.78 views

CVE-2022-45132

CVE-2022-45132 affects LAVA (Linaro Automated Validation Architecture) prior to 2022.11.1. The REST API endpoint that validates device configuration files loads user input as a Jinja2 template, enabling remote code execution on the LAVA server via a crafted template. Affected component: lava-serv...

9.8CVSS9.7AI score0.01859EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2022/11/18 12:0 a.m.32 views

CVE-2022-45132

In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...

9.8CVSS9.8AI score0.01859EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2022/11/17 12:0 a.m.34 views

Debian dla-3192 : lava - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3192 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3192-1 [email protected] https://www.debian.org/lts/security/...

8.8CVSS8.4AI score0.01259EPSS
Exploits1References4
OSV
OSV
added 2022/10/13 3:15 a.m.5 views

CVE-2022-42902

In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...

8.8CVSS8.9AI score
Exploits0References4
UbuntuCve
UbuntuCve
added 2022/10/13 3:15 a.m.24 views

CVE-2022-42902

In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...

8.8CVSS7.7AI score0.01259EPSS
Exploits1References3
Prion
Prion
added 2022/10/13 3:15 a.m.23 views

Input validation

In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...

6.5CVSS8.8AI score0.01259EPSS
Exploits1References4Affected Software2
Cvelist
Cvelist
added 2022/10/13 12:0 a.m.28 views

CVE-2022-42902

In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...

9.1AI score0.01259EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/10/13 12:0 a.m.5 views

PT-2022-26653 · Linaro · Lava

Name of the Vulnerable Software and Affected Versions: Linaro Automated Validation Architecture LAVA versions prior to 2022.10 Description: The issue is related to dynamic code execution in lava server/lavatable.py due to improper input sanitization. This allows an anonymous user to force the...

8.8CVSS8.7AI score0.01259EPSS
Exploits1References17
Rows per page
Query Builder