CRITICAL9.8CVE-2022-34835In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables th… from 0, < 2021.01+dfsg-5+deb11u1
CRITICAL9.8CVE-2022-30767nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, l… from 0, < 2021.01+dfsg-5+deb11u1
CRITICAL9.8In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function.
from 0, < 2020.01+dfsg-2
CRITICAL9.8An issue was discovered in Das U-Boot through 2019.07.
from 0, < 2020.01+dfsg-1
CRITICAL9.8An issue was discovered in Das U-Boot through 2019.07.
from 0, < 2020.01+dfsg-1
CRITICAL9.8An issue was discovered in Das U-Boot through 2019.07.
from 0, < 2020.01+dfsg-1
CRITICAL9.8An issue was discovered in Das U-Boot through 2019.07.
from 0, < 2020.01+dfsg-1
CRITICAL9.8An issue was discovered in Das U-Boot through 2019.07.
from 0, < 2020.01+dfsg-1
CRITICAL9.8An issue was discovered in Das U-Boot through 2019.07.
from 0, < 2020.01+dfsg-1
CRITICAL9.8An issue was discovered in Das U-Boot through 2019.07.
from 0, < 2020.01+dfsg-1
CRITICAL9.8u-boot - security update
from 0, < 2021.01+dfsg-5+deb11u1
CRITICAL9.8u-boot - security update
from 0, < 2021.01+dfsg-5+deb11u1
CRITICAL9.8An issue was discovered in Das U-Boot through 2019.07.
from 0, < 2020.01+dfsg-1
CRITICAL9.8An issue was discovered in Das U-Boot through 2019.07.
from 0, < 2020.01+dfsg-1
CRITICAL9.8An issue was discovered in Das U-Boot through 2019.07.
from 0, < 2020.01+dfsg-1
CRITICAL9.8An issue was discovered in Das U-Boot through 2019.07.
from 0, < 2020.01+dfsg-1
CRITICAL9.8Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.
from 0, < 2019.01+dfsg-6
CRITICAL9.8DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled.
from 0
CRITICAL9.1An issue was discovered in Das U-Boot through 2019.07.
from 0, < 2020.01+dfsg-1
HIGH8.2Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.
from 0
HIGH8.2barebox is a bootloader.
from 0
HIGH8.1Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allo…
from 0
HIGH7.8Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size,…
from 0, < 2021.01+dfsg-5+deb11u1
HIGH7.8squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability…
from 0, < 2021.01+dfsg-5+deb11u1
HIGH7.8Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().
from 0, < 2021.01+dfsg-5+deb11u1
HIGH7.8Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
from 0, < 2021.01+dfsg-5+deb11u1
HIGH7.8The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.
from 0, < 2021.01+dfsg-5+deb11u2
HIGH7.8u-boot - security update
from 0, < 2021.01+dfsg-5+deb11u2
HIGH7.8u-boot - security update
from 0, < 2021.01+dfsg-5+deb11u2
HIGH7.8Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a craf…
from 0, < 2020.04+dfsg-1
HIGH7.8Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stac…
from 0, < 2020.01+dfsg-1
HIGH7.8Das U-Boot versions 2019.07-rc1 through 2019.07-rc4 can double-free a cached block of data when listing files in a crafted ext4 filesystem.
from 0, < 2020.01+dfsg-1
HIGH7.8In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including…
from 0, < 2020.01+dfsg-1
HIGH7.8DENX U-Boot through 2018.09-rc1 has a locally exploitable buffer overflow via a crafted kernel image because filesystem loading is mishandl…
from 0
HIGH7.6Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ401…
from 0, < 2017.11+dfsg1-2
HIGH7.1There exists an unchecked length field in UBoot.
from 0, < 2021.01+dfsg-5+deb11u1
HIGH7.1A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the st…
from 0, < 2020.01+dfsg-1
HIGH7.0An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2.
from 0, < 2014.07+dfsg1-1
MEDIUM6.8sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory l…
from 0, < 2021.01+dfsg-5+deb11u1
MEDIUM6.8An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafte…
from 0, < 2021.01+dfsg-5+deb11u1
MEDIUM6.8An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of…
from 0, < 2021.01+dfsg-5+deb11u1
MEDIUM6.8An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs files…
from 0, < 2021.01+dfsg-5+deb11u1
MEDIUM6.5A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install craf…
from 0
MEDIUM6.4Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file.
from 0
MEDIUM5.9gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in…
from 0, < 2019.01+dfsg-6
MEDIUM5.5Das U-Boot 2022.01 has a Buffer Overflow.
from 0, < 2021.01+dfsg-5+deb11u1
MEDIUM5.5U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified…
from 0
MEDIUM4.6Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file.
from 0
LOW2.4A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.
from 0, < 2021.01+dfsg-5+deb11u1