131 matches found
Debian DSA-5318-1 : lava - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5318 advisory. Igor Ponomarev discovered that LAVA, a continuous integration system for deploying operating systems onto physical and virtual hardware for running tests, was suspectible ...
CVE-2022-45132
In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
CVE-2022-45132
In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
Remote code execution
In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
CVE-2022-44641
In Linaro Automated Validation Architecture LAVA before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service...
CVE-2022-44641
In Linaro Automated Validation Architecture LAVA before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service...
Denial of service
In Linaro Automated Validation Architecture LAVA before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service...
CVE-2022-45132
In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
CVE-2022-44641
In Linaro Automated Validation Architecture LAVA before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service...
CVE-2022-45132
In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
CVE-2022-44641
Summary: CVE-2022-44641 concerns LAVA (Linaro Automated Validation Architecture) where a user with valid credentials can submit crafted XMLRPC requests that trigger recursive XML entity expansion, causing memory exhaustion on the server and resulting in a Denial of Service. Impact and scope: The ...
CVE-2022-44641
In Linaro Automated Validation Architecture LAVA before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service...
CVE-2022-45132
CVE-2022-45132 affects LAVA (Linaro Automated Validation Architecture) prior to 2022.11.1. The REST API endpoint that validates device configuration files loads user input as a Jinja2 template, enabling remote code execution on the LAVA server via a crafted template. Affected component: lava-serv...
CVE-2022-45132
In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
Debian dla-3192 : lava - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3192 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3192-1 [email protected] https://www.debian.org/lts/security/...
CVE-2022-42902
In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...
CVE-2022-42902
In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...
Input validation
In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...
CVE-2022-42902
In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...
PT-2022-26653 · Linaro · Lava
Name of the Vulnerable Software and Affected Versions: Linaro Automated Validation Architecture LAVA versions prior to 2022.10 Description: The issue is related to dynamic code execution in lava server/lavatable.py due to improper input sanitization. This allows an anonymous user to force the...