Linaro
Recent CVEs (22)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-1010292 | | Critical | 0.64 | 9.8 | 0.02 | | Jul 16, 2019 | Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0. |
| CVE-2019-1010298 | | Critical | 0.64 | 9.8 | 0.04 | | Jul 15, 2019 | Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. |
| CVE-2019-1010297 | | Critical | 0.64 | 9.8 | 0.03 | | Jul 15, 2019 | Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later. |
| CVE-2019-1010296 | | Critical | 0.64 | 9.8 | 0.03 | | Jul 15, 2019 | Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later. |
| CVE-2019-1010295 | | Critical | 0.64 | 9.8 | 0.02 | | Jul 15, 2019 | Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later. |
| CVE-2019-1010293 | | Critical | 0.64 | 9.8 | 0.02 | | Jul 15, 2019 | Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later. |
| CVE-2018-12565 | | High | 0.57 | 8.8 | 0.02 | | Jun 19, 2018 | An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur. |
| CVE-2026-37540 | | High | 0.55 | 8.4 | 0.00 | | May 1, 2026 | OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elf_loader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems (STM32MP1, Zynq,… |
| CVE-2019-1010294 | | High | 0.49 | 7.5 | 0.01 | | Jul 15, 2019 | Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later. |
| CVE-2018-12564 | | Medium | 0.42 | 6.5 | 0.01 | | Jun 19, 2018 | An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml. |
| CVE-2018-12563 | | Medium | 0.42 | 6.5 | 0.01 | | Jun 19, 2018 | An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml. |
| CVE-2023-0028 | | | 0.03 | — | 0.41 | | Jan 1, 2023 | Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+. |
| CVE-2025-70037 | | | 0.00 | — | 0.00 | | Mar 9, 2026 | An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in linagora Twake v2023.Q1.1223. This allows attackers to obtain sensitive information and execute arbitrary code. |
| CVE-2025-70038 | | | 0.00 | — | 0.00 | | Mar 9, 2026 | An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows attackers to execute arbitrary code. |
| CVE-2025-70039 | | | 0.00 | — | 0.00 | | Mar 9, 2026 | An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linagora Twake v2023.Q1.1223. |
| CVE-2023-2675 | | | 0.00 | — | 0.01 | | May 12, 2023 | Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 2023.Q1.1223. |
| CVE-2023-1665 | | | 0.00 | — | 0.01 | | Mar 27, 2023 | Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0. |
| CVE-2022-44641 | | | 0.00 | — | 0.01 | | Nov 18, 2022 | In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service. |
| CVE-2022-45132 | | | 0.00 | — | 0.02 | | Nov 18, 2022 | In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be… |
| CVE-2022-42902 | | | 0.00 | — | 0.01 | | Oct 13, 2022 | In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server. |