Vulnerabilities > Denx > U Boot > 2015.01
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-29 | CVE-2019-13103 | Uncontrolled Recursion vulnerability in Denx U-Boot A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data. | 3.6 |
| 2019-05-03 | CVE-2019-11690 | Use of Insufficiently Random Values vulnerability in Denx U-Boot gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device. | 4.3 |
| 2018-11-20 | CVE-2018-18440 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Denx U-Boot DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandled. | 7.2 |
| 2018-11-20 | CVE-2018-18439 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Denx U-Boot DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. | 9.8 |
| 2018-07-24 | CVE-2017-3226 | Cryptographic Issues vulnerability in Denx U-Boot Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. | 4.4 |
| 2018-07-24 | CVE-2017-3225 | Cryptographic Issues vulnerability in Denx U-Boot Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. | 2.1 |
| 2018-06-26 | CVE-2018-1000205 | Improper Input Validation vulnerability in Denx U-Boot U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. | 4.3 |