Lucene search
K

27 matches found

RedhatCVE
RedhatCVE
added 2026/05/18 1:58 p.m.9 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS5.8AI score0.00126EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/17 12:31 a.m.28 views

EUVD-2026-30673

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS5.8AI score0.00126EPSS
Exploits1References3
OSV
OSV
added 2026/05/16 10:16 p.m.8 views

DEBIAN-CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.8CVSS5.8AI score0.00126EPSS
Exploits1References1
NVD
NVD
added 2026/05/16 10:16 p.m.21 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.8CVSS0.00126EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/05/16 10:16 p.m.11 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS5.8AI score0.00126EPSS
Exploits1References3
OSV
OSV
added 2026/05/16 10:16 p.m.10 views

UBUNTU-CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS5.8AI score0.00126EPSS
Exploits1References4
CVE
CVE
added 2026/05/16 9:26 p.m.19 views

CVE-2026-46728

The CVE-2026-46728 entry concerns U-Boot (before 2026.04) where FIT (Flat Image Tree) signature verification can bypass trust because hashed-nodes are omitted from a hash. Affected software: U-Boot (pre-2026.04). Vulnerable component: FIT signature verification process. Root cause: omission of ha...

8.8CVSS5.8AI score0.00126EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/05/16 9:26 p.m.8 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS5.8AI score0.00126EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/05/16 9:26 p.m.11 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS5.8AI score0.00126EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/16 9:26 p.m.8 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS5.8AI score0.00126EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/16 9:26 p.m.46 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS0.00126EPSS
Exploits1References2
OSV
OSV
added 2026/05/16 9:26 p.m.3 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS5.9AI score0.00126EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.10 views

DENX Software Engineering Das U-Boot 访问控制错误漏洞

DENX Software Engineering's Das U-Boot is a general-purpose bootloader developed by the German company DENX Software Engineering. Versions of DENX Software Engineering's Das U-Boot prior to version 2026.04 contained an access control vulnerability. This vulnerability stemmed from the omission of...

8.2CVSS5.8AI score0.00126EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.23 views

PT-2026-41468

Name of the Vulnerable Software and Affected Versions Das U-Boot versions prior to 2026.04 Description Das U-Boot allows a Flat Image Tree FIT signature verification bypass. This occurs because hashed-nodes are omitted from a hash, which can lead to the acceptance of unsigned or modified images...

8.2CVSS5.8AI score0.00126EPSS
Exploits1References15
OSV
OSV
added 2026/04/11 2:3 p.m.7 views

OESA-2026-1834 uboot-tools security update

This package includes the mkimage program, which allows generation of U-Boot images in various formats, and the fwprintenv and fwsetenv programs to read and modify U-Boot's environment. Security Fixes: barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the...

8.2CVSS5.8AI score0.00108EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.6 views

CVE-2026-33243

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

8.2CVSS5.8AI score0.00108EPSS
Exploits0References1
NVD
NVD
added 2026/03/20 11:16 p.m.8 views

CVE-2026-33243

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

8.2CVSS0.00108EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 11:16 p.m.5 views

DEBIAN-CVE-2026-33243

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

8.2CVSS5.7AI score0.00108EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/03/20 10:51 p.m.6 views

CVE-2026-33243

Removed by vendor...

8.2CVSS5.8AI score0.00108EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/20 10:51 p.m.2 views

CVE-2026-33243 barebox: FIT Signature Verification Bypass Vulnerability

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

8.2CVSS5.8AI score0.00108EPSS
Exploits0References2
Rows per page
Query Builder