Vulnerabilities > Denx > U Boot

DATE CVE VULNERABILITY TITLE RISK
2019-07-31 CVE-2019-14197 Out-of-bounds Read vulnerability in Denx U-Boot
An issue was discovered in Das U-Boot through 2019.07.
network
low complexity
denx CWE-125
6.4
2019-07-31 CVE-2019-14196 Out-of-bounds Write vulnerability in Denx U-Boot
An issue was discovered in Das U-Boot through 2019.07.
network
low complexity
denx CWE-787
7.5
2019-07-31 CVE-2019-14195 Out-of-bounds Write vulnerability in Denx U-Boot
An issue was discovered in Das U-Boot through 2019.07.
network
low complexity
denx CWE-787
7.5
2019-07-31 CVE-2019-14194 Out-of-bounds Write vulnerability in Denx U-Boot
An issue was discovered in Das U-Boot through 2019.07.
network
low complexity
denx CWE-787
7.5
2019-07-31 CVE-2019-14193 Out-of-bounds Write vulnerability in Denx U-Boot
An issue was discovered in Das U-Boot through 2019.07.
network
low complexity
denx CWE-787
7.5
2019-07-31 CVE-2019-14192 Integer Underflow (Wrap or Wraparound) vulnerability in Denx U-Boot
An issue was discovered in Das U-Boot through 2019.07.
network
low complexity
denx CWE-191
7.5
2019-07-29 CVE-2019-13103 Uncontrolled Recursion vulnerability in Denx U-Boot
A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
local
low complexity
denx CWE-674
3.6
2019-05-10 CVE-2019-11059 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Denx U-Boot
Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.
network
low complexity
denx CWE-119
critical
9.8
2019-05-03 CVE-2019-11690 Use of Insufficiently Random Values vulnerability in Denx U-Boot
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.
network
denx CWE-330
4.3
2019-03-21 CVE-2018-3968 Improper Verification of Cryptographic Signature vulnerability in Denx U-Boot
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2.
local
high complexity
denx CWE-347
7.0