Vulnerabilities > Pengutronix
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-02 | CVE-2021-37847 | Unspecified vulnerability in Pengutronix Barebox crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification. | 7.5 |
| 2021-08-02 | CVE-2021-37848 | Information Exposure Through Discrepancy vulnerability in Pengutronix Barebox common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison. | 7.5 |
| 2020-12-21 | CVE-2020-25860 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Pengutronix Rauc The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. | 6.6 |
| 2020-06-07 | CVE-2020-13910 | Out-of-bounds Read vulnerability in Pengutronix Barebox Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check. | 9.1 |
| 2019-09-05 | CVE-2019-15938 | Out-of-bounds Write vulnerability in Pengutronix Barebox Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a memcpy. | 9.8 |
| 2019-09-05 | CVE-2019-15937 | Out-of-bounds Write vulnerability in Pengutronix Barebox Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a memcpy. | 9.8 |