Skip to main content

Lava

6 CVEs product

Monthly

CVE-2022-45132 CRITICAL POC Act Now

In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Lava
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-44641 MEDIUM This Month

In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Lava Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2022-42902 HIGH PATCH This Week

In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Lava Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2018-12565 HIGH PATCH This Week

An issue was discovered in Linaro LAVA before 2018.5.post1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Lava Debian Linux
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2018-12564 MEDIUM PATCH This Month

An issue was discovered in Linaro LAVA before 2018.5.post1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Lava Debian Linux
NVD
CVSS 3.0
6.5
EPSS
1.5%
CVE-2018-12563 MEDIUM PATCH This Month

An issue was discovered in Linaro LAVA before 2018.5.post1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Lava
NVD
CVSS 3.0
6.5
EPSS
0.9%
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Lava
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Lava Debian Linux
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Lava +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

An issue was discovered in Linaro LAVA before 2018.5.post1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Lava Debian Linux
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Linaro LAVA before 2018.5.post1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Lava Debian Linux
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

An issue was discovered in Linaro LAVA before 2018.5.post1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Lava
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy