CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is...

7.1CVSS7.2AI score0.00493EPSS

Exploits1

RedhatCVE•added 2025/05/22 4:18 p.m.•5 views

CVE-2020-13910

Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfsreadreply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check...

9.1CVSS6.9AI score0.00433EPSS

Exploits0

RedhatCVE•added 2025/05/22 8:20 a.m.•4 views

CVE-2019-15937

Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfsreadlinkreply in net/nfs.c because a length field is directly used for a memcpy...

9.8CVSS7.6AI score0.00756EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 8:14 a.m.•5 views

CVE-2019-15938

Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfsreadlinkreq in fs/nfs.c because a length field is directly used for a memcpy...

9.8CVSS7.6AI score0.00756EPSS

Exploits0References1

OSV•added 2021/08/02 8:15 p.m.•6 views

CVE-2021-37848

common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison...

7.5CVSS6.9AI score

Exploits0References2

OSV•added 2021/08/02 8:15 p.m.•9 views

CVE-2021-37847

crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification...

7.5CVSS6.9AI score

Exploits0References2

NVD•added 2021/08/02 8:15 p.m.•11 views

CVE-2021-37847

crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification...

7.5CVSS0.00316EPSS

Exploits1References2

NVD•added 2021/08/02 8:15 p.m.•6 views

CVE-2021-37848

common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison...

7.5CVSS0.00316EPSS

Exploits1References2

Prion•added 2021/08/02 8:15 p.m.•13 views

Design/Logic Flaw

crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification...

5CVSS7.5AI score0.00316EPSS

Exploits1References2Affected Software1

Cvelist•added 2021/08/02 7:46 p.m.•10 views

CVE-2021-37848

common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison...

7.6AI score0.00316EPSS

Exploits1References2

CVE•added 2021/08/02 7:46 p.m.•37 views

CVE-2021-37848

Pengutronix barebox (through 2021.07.0) is affected by CVE-2021-37848 due to a timing leak in common/password.c during hash comparison (strncmp). This is a timing-side-channel vulnerability in the bootloader used in embedded Linux systems. Affected component: barebox binary; issue arises from str...

7.5CVSS7.4AI score0.00316EPSS

Exploits1References2Affected Software1

Cvelist•added 2021/08/02 7:45 p.m.•12 views

CVE-2021-37847

crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification...

7.6AI score0.00316EPSS

Exploits1References2

CVE•added 2021/08/02 7:45 p.m.•42 views

CVE-2021-37847

CVE-2021-37847 affects Pengutronix barebox up to version 2021.07.0, where crypto/digest.c leaks timing information during digest verification because memcmp is used. The connected documents confirm the same description across NVD/Red Hat/OSV/CVE lists and related sources, with no details on concr...

7.5CVSS7.4AI score0.00316EPSS

Exploits1References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by