Every CVE whose affected-product data names Linaro Lava, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2022-45132 — CVSS 9.8 (critical): In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2…
CVE-2018-12565 — CVSS 8.8 (high): An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user…
CVE-2022-42902 — CVSS 8.8 (high): In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to…
CVE-2018-12563 — CVSS 6.5 (medium): An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to…
CVE-2018-12564 — CVSS 6.5 (medium): An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP…
CVE-2022-44641 — CVSS 6.5 (medium): In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that…