VYPR

Vendor CVEs

Linaro

All CVEs

22 total · sorted by risk
  • CVE-2019-1010292CriJul 16, 2019
    risk 0.64cvss 9.8epss 0.02

    Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.

  • CVE-2019-1010298CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.04

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.

  • CVE-2019-1010297CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.03

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.

  • CVE-2019-1010296CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.03

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.

  • CVE-2019-1010295CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.02

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later.

  • CVE-2019-1010293CriJul 15, 2019
    risk 0.64cvss 9.8epss 0.02

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later.

  • CVE-2018-12565HigJun 19, 2018
    risk 0.57cvss 8.8epss 0.02

    An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.

  • CVE-2026-37540HigMay 1, 2026
    risk 0.55cvss 8.4epss 0.00

    OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elf_loader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems (STM32MP1, Zynq,…

  • CVE-2019-1010294HigJul 15, 2019
    risk 0.49cvss 7.5epss 0.01

    Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later.

  • CVE-2018-12564MedJun 19, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml.

  • CVE-2018-12563MedJun 19, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml.

  • CVE-2023-0028Jan 1, 2023
    risk 0.03cvss epss 0.41

    Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+.

  • CVE-2025-70037Mar 9, 2026
    risk 0.00cvss epss 0.00

    An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in linagora Twake v2023.Q1.1223. This allows attackers to obtain sensitive information and execute arbitrary code.

  • CVE-2025-70038Mar 9, 2026
    risk 0.00cvss epss 0.00

    An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows attackers to execute arbitrary code.

  • CVE-2025-70039Mar 9, 2026
    risk 0.00cvss epss 0.00

    An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linagora Twake v2023.Q1.1223.

  • CVE-2023-2675May 12, 2023
    risk 0.00cvss epss 0.01

    Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 2023.Q1.1223.

  • CVE-2023-1665Mar 27, 2023
    risk 0.00cvss epss 0.01

    Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0.

  • CVE-2022-44641Nov 18, 2022
    risk 0.00cvss epss 0.01

    In Linaro Automated Validation Architecture (LAVA) before 2022.11, users with valid credentials can submit crafted XMLRPC requests that cause a recursive XML entity expansion, leading to excessive use of memory on the server and a Denial of Service.

  • CVE-2022-45132Nov 18, 2022
    risk 0.00cvss epss 0.02

    In Linaro Automated Validation Architecture (LAVA) before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be…

  • CVE-2022-42902Oct 13, 2022
    risk 0.00cvss epss 0.01

    In Linaro Automated Validation Architecture (LAVA) before 2022.10, there is dynamic code execution in lava_server/lavatable.py. Due to improper input sanitization, an anonymous user can force the lava-server-gunicorn service to execute user-provided code on the server.

  • CVE-2019-1010205Jul 23, 2019
    risk 0.00cvss epss 0.03

    LINAGORA hublin latest (commit 72ead897082403126bf8df9264e70f0a9de247ff) is affected by: Directory Traversal. The impact is: The vulnerability allows an attacker to access any file (with a fixed extension) on the server. The component is: A web-view renderer; details here:…

  • CVE-2017-1000412HigJan 2, 2018
    risk 0.00cvss 7.5epss 0.02

    Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key.