Shodan
Vulnerabilities
Vulnerable Software
Linaro:  Security Vulnerabilities
CVE-2019-1010292
Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-07-16
CVE-2019-1010293
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: optee_os. The fixed version is: 3.4.0 and later.
CVSS Score
9.8
EPSS Score
0.004
Published
2019-07-15
CVE-2019-1010294
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later.
CVSS Score
7.5
EPSS Score
0.003
Published
2019-07-15
CVE-2019-1010295
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: optee_os. The fixed version is: 3.4.0 and later.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-07-15
CVE-2019-1010296
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-07-15
CVE-2019-1010297
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core (kernel) context. The component is: optee_os. The fixed version is: 3.4.0 and later.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-07-15
CVE-2019-1010298
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in the context of TEE core (kernel). The component is: optee_os. The fixed version is: 3.4.0 and later.
CVSS Score
9.8
EPSS Score
0.055
Published
2019-07-15
CVE-2018-12563
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for file: URLs, a user can force lava-server-gunicorn to download any file from the filesystem if it's readable by lavaserver and valid yaml.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-06-19
CVE-2018-12564
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of support for URLs in the submit page, a user can forge an HTTP request that will force lava-server-gunicorn to return any file on the server that is readable by lavaserver and valid yaml.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-06-19
CVE-2018-12565
An issue was discovered in Linaro LAVA before 2018.5.post1. Because of use of yaml.load() instead of yaml.safe_load() when parsing user data, remote code execution can occur.
CVSS Score
8.8
EPSS Score
0.026
Published
2018-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved