17 matches found
EUVD-2018-4523
Malware in sbrugna...
EUVD-2022-48049
Malicious code in bioql PyPI...
DEBIAN-CVE-2022-45132
In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
Remote code execution
In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
CVE-2022-45132
In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
CVE-2022-45132
In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
DEBIAN-CVE-2022-42902
In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...
Input validation
In Linaro Automated Validation Architecture LAVA before 2022.10, there is dynamic code execution in lavaserver/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server...
Debian: Security Advisory (DLA-1404-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1404-1 : lava-server security update
CVE-2018-12564 Using the feature to add URLs in the submit page, a user might be able to read any file on the server that is readable by lavaserver and consists of valid yaml. So with this patch the feature is disabled again. For Debian 8 'Jessie', these problems have been fixed in version...
[SECURITY] [DLA 1404-1] lava-server security update
Package : lava-server Version : 2014.09.1-1+deb8u1 CVE ID : CVE-2018-12564 CVE-2018-12564 Using the feature to add URLs in the submit page, a user might be able to read any file on the server that is readable by lavaserver and consists of valid yaml. So with this patch the feature is disabled...
DLA-1404-1 lava-server - security update
Bulletin has no description...
Debian DSA-4234-1 : lava-server - security update
Two vulnerabilities were discovered in LAVA, a continuous integration system for deploying operating systems for running tests, which could result in information disclosure of files readable by the lavaserver system user or the execution of arbitrary code via a XMLRPC call. C Tenable Network...
DSA-4234-1 lava-server - security update
Bulletin has no description...
DEBIAN-CVE-2018-12563
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml...
Linaro LAVA Arbitrary File Download Vulnerability
Linaro LAVA is an automated verification system. The system is primarily used to test the deployment of device systems based on ARM cores. A security vulnerability exists in Linaro LAVA versions prior to 2018.5.post1, which stems from the program's support for file: URLs.An attacker could use thi...
Linaro LAVA Information Disclosure Vulnerability
Linaro LAVA is an automated verification system. The system is primarily used to test the deployment of device systems based on ARM cores. A security vulnerability exists in Linaro LAVA versions prior to 2018.5.post1. An attacker can exploit this vulnerability by forging an HTTP request to force...