Vulnerabilities > Linaro > Lava
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-18 | CVE-2022-45132 | Code Injection vulnerability in Linaro Lava In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. | 9.8 |
| 2022-11-18 | CVE-2022-44641 | XML Entity Expansion vulnerability in multiple products In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. | 6.5 |
| 2022-10-13 | CVE-2022-42902 | In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. | 8.8 |
| 2018-06-19 | CVE-2018-12565 | Improper Input Validation vulnerability in multiple products An issue was discovered in Linaro LAVA before 2018.5.post1. | 6.5 |
| 2018-06-19 | CVE-2018-12564 | Improper Input Validation vulnerability in multiple products An issue was discovered in Linaro LAVA before 2018.5.post1. | 4.0 |
| 2018-06-19 | CVE-2018-12563 | Improper Input Validation vulnerability in Linaro Lava An issue was discovered in Linaro LAVA before 2018.5.post1. | 4.0 |