29 matches found
EUVD-2018-4523
Malware in sbrugna...
EUVD-2018-4525
Malware in sbrugna...
EUVD-2018-4524
Malware in sbrugna...
PT-2022-26653 · Linaro · Lava
Name of the Vulnerable Software and Affected Versions: Linaro Automated Validation Architecture LAVA versions prior to 2022.10 Description: The issue is related to dynamic code execution in lava server/lavatable.py due to improper input sanitization. This allows an anonymous user to force the...
CVE-2018-12563
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml...
CVE-2018-12565
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load instead of yaml.safe_load when parsing user data, remote code execution can occur...
CVE-2018-12564
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml...
CVE-2018-12563
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml...
CVE-2018-12565
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load instead of yaml.safe_load when parsing user data, remote code execution can occur...
CVE-2018-12565
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load instead of yaml.safe_load when parsing user data, remote code execution can occur...
Remote code execution
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load instead of yaml.safe_load when parsing user data, remote code execution can occur...
Design/Logic Flaw
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml...
CVE-2018-12564
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml...
Design/Logic Flaw
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml...
CVE-2018-12563
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml...
DEBIAN-CVE-2018-12565
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load instead of yaml.safe_load when parsing user data, remote code execution can occur...
CVE-2018-12564
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml...
CVE-2018-12564
CVE-2018-12564 affects LAVA (lava-server) where support for URLs in the submit page can be abused to force lava-server-gunicorn to read arbitrary server files readable by lavaserver and containing valid YAML. Impact per the sources is information disclosure (no explicit compromise of integrity/av...
CVE-2018-12563
CVE-2018-12563 (Linaro LAVA) affects LAVA prior to 2018.5.post1. The issue arises from the system’s handling of file: URLs, allowing a user to coerce lava-server-gunicorn to download any file from the filesystem that is readable by lavaserver and presented as valid YAML. This constitutes an arbit...
CVE-2018-12565
CVE-2018-12565 affects Linaro LAVA prior to 2018.5.post1. The root cause is parsing user data with yaml.load() instead of yaml.safe_load(), which can enable remote code execution. Documents do not provide a confirmed exploit method or patches within the LAVA project; no explicit remediation versi...