Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
LinaroLava*

3 matches found

CVE
CVEadded 2022/11/18 11:15 p.m.63 views

CVE-2022-45132

In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger rem...

9.8CVSS9.7AI score0.04944EPSS
CVE
CVEadded 2022/10/13 3:15 a.m.57 views

CVE-2022-42902

In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.

8.8CVSS8.7AI score0.00295EPSS
CVE
CVEadded 2022/11/18 9:15 p.m.56 views

CVE-2022-44641

In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.

6.5CVSS6.2AI score0.00085EPSS