Search
Search Results (25 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-12564 | 2 Debian, Linaro | 2 Debian Linux, Lava | 2024-11-21 | N/A |
| An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml. | ||||
| CVE-2018-12563 | 1 Linaro | 1 Lava | 2024-11-21 | N/A |
| An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml. | ||||
| CVE-2018-12437 | 2 Libtom, Linaro | 2 Libtomcrypt, Op-tee | 2024-11-21 | 4.9 Medium |
| LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | ||||
| CVE-2017-1000413 | 1 Linaro | 1 Op-tee | 2024-11-21 | N/A |
| Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key. | ||||
| CVE-2017-1000412 | 1 Linaro | 1 Op-tee | 2024-11-21 | N/A |
| Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key. | ||||