Vulnerabilities > Denx > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-02-17 | CVE-2021-27138 | Unspecified vulnerability in Denx U-Boot The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT. network denx | 6.8 |
2021-02-17 | CVE-2021-27097 | Unspecified vulnerability in Denx U-Boot The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT. network denx | 6.8 |
2020-03-19 | CVE-2020-10648 | Improper Input Validation vulnerability in multiple products Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration. | 6.8 |
2019-08-06 | CVE-2019-13105 | Double Free vulnerability in Denx U-Boot 2019.07 Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem. | 6.8 |
2019-08-06 | CVE-2019-13104 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. | 6.8 |
2019-07-31 | CVE-2019-14197 | Out-of-bounds Read vulnerability in Denx U-Boot An issue was discovered in Das U-Boot through 2019.07. | 6.4 |
2019-05-03 | CVE-2019-11690 | Use of Insufficiently Random Values vulnerability in Denx U-Boot gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device. | 4.3 |
2018-07-24 | CVE-2017-3226 | Cryptographic Issues vulnerability in Denx U-Boot Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. | 4.4 |
2018-06-26 | CVE-2018-1000205 | Improper Input Validation vulnerability in Denx U-Boot U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. | 4.3 |