CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1010292
https://notcve.org/view.php?id=CVE-2019-1010292
16 Jul 2019 — Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0. OP-TEE versiones anteriores a v3.4.0 de Linaro/OP-TEE, está afectada por: Comprobaciones de límites. • https://github.com/OP-TEE/optee_os/commit/e3adcf566cb278444830e7badfdcc3983e334fd1 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1010293
https://notcve.org/view.php?id=CVE-2019-1010293
15 Jul 2019 — Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later. Linaro / OP-TEE OP-TEE 3.3.0 y versiones anteriores se ven afectados por: Cruce de límites. • https://github.com/OP-TEE/optee_os/commit/95f36d661f2b75887772ea28baaad904bde96970 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1010294
https://notcve.org/view.php?id=CVE-2019-1010294
15 Jul 2019 — Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later. OP-TEE versión 3.3.0 y anteriores de Linaro/OP-TEE, está afectado por: Error de redondeo. • https://github.com/OP-TEE/optee_os/commit/7e768f8a473409215fe3fff8f6e31f8a3a0103c6 • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1010295
https://notcve.org/view.php?id=CVE-2019-1010295
15 Jul 2019 — Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later. OP-TEE versión 3.3.0 y anteriores de Linaro/OP-TEE, está afectado por: Desbordamiento de búfer. • https://github.com/OP-TEE/optee_os/commit/d5c5b0b77b2b589666024d219a8007b3f5b6faeb • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2019-1010296
https://notcve.org/view.php?id=CVE-2019-1010296
15 Jul 2019 — Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. OP-TEE versión 3.3.0 y anteriores de Linaro/OP-TEE, está afectado por: Desbordamiento de búfer. • https://github.com/OP-TEE/optee_os/commit/b60e1cee406a1ff521145ab9534370dfb85dd592 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2019-1010297
https://notcve.org/view.php?id=CVE-2019-1010297
15 Jul 2019 — Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later. OP-TEE versión 3.3.0 y anteriores de Linaro/OP-TEE, está afectado por: Desbordamiento de búfer. • https://github.com/OP-TEE/optee_os/commit/a637243270fc1faae16de059091795c32d86e65e • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 1CVE-2019-1010298
https://notcve.org/view.php?id=CVE-2019-1010298
15 Jul 2019 — Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. OP-TEE versión 3.3.0 y anteriores de Linaro/OP-TEE, está afectado por: Desbordamiento de búfer. • https://github.com/RKX1209/CVE-2019-1010298 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12563
https://notcve.org/view.php?id=CVE-2018-12563
19 Jun 2018 — An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml. Se ha descubierto un problema en Linaro LAVA en versiones anteriores a la 2018.5.post1. Debido al soporte para URL file:, un usuario puede forzar a lava-server-gunicorn a que descargue cualquier archivo del sistema de archivos si puede ser leído por lavaserver y un yaml válido. • https://git.linaro.org/lava/lava.git/commit/?id=e24ec39599bc07562ad8bc2a581144b8448cb214 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 2EXPL: 0CVE-2018-12565 – Debian Security Advisory 4234-1
https://notcve.org/view.php?id=CVE-2018-12565
19 Jun 2018 — An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur. Se ha descubierto un problema en Linaro LAVA en versiones anteriores a la 2018.5.post1. Debido al uso de yaml.load() en lugar de yaml.safe_load() al analizar datos de usuario, puede ocurrir la ejecución remota de código. Two vulnerabilities were discovered in LAVA, a continuous integration system for deploying operating systems for run... • https://git.linaro.org/lava/lava.git/commit/?id=583666c84ea2f12797a3eb71392bcb05782f5b14 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-12564 – Debian Security Advisory 4234-1
https://notcve.org/view.php?id=CVE-2018-12564
19 Jun 2018 — An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml. Se ha descubierto un problema en Linaro LAVA en versiones anteriores a la 2018.5.post1. Debido al soporte para URL en la página submit, un usuario puede falsificar una petición HTTP que forzará a lava-server-gunicorn a devolver cualquier archivo en el se... • https://git.linaro.org/lava/lava.git/commit/?id=95a9a77b144ced24d7425d6544ab03ca7f6c75d3 • CWE-20: Improper Input Validation •