106 matches found

OSV
added 2021/08/02 8:15 p.m., 12 views

CVE-2021-37848

common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison...

7.5 CVSS, 6.9 AI score
Exploits: 0, References: 2
Prion
added 2021/08/02 8:15 p.m., 18 views

Design/Logic Flaw

crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification...

5 CVSS, 7.5 AI score, 0.01538 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2021/08/02 7:46 p.m., 28 views

CVE-2021-37848

common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison...

7.6 AI score, 0.01538 EPSS
Exploits: 1, References: 2
CVE
added 2021/08/02 7:46 p.m., 46 views

CVE-2021-37848

Pengutronix barebox (through 2021.07.0) is affected by CVE-2021-37848 due to a timing leak in common/password.c during hash comparison (strncmp). This is a timing-side-channel vulnerability in the bootloader used in embedded Linux systems. Affected component: barebox binary; issue arises from str...

7.5 CVSS, 7.4 AI score, 0.01538 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2021/08/02 7:45 p.m., 17 views

CVE-2021-37847

crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification...

7.6 AI score, 0.01538 EPSS
Exploits: 1, References: 2
CVE
added 2021/08/02 7:45 p.m., 48 views

CVE-2021-37847

CVE-2021-37847 affects Pengutronix barebox up to version 2021.07.0, where crypto/digest.c leaks timing information during digest verification because memcmp is used. The connected documents confirm the same description across NVD/Red Hat/OSV/CVE lists and related sources, with no details on concr...

7.5 CVSS, 7.4 AI score, 0.01538 EPSS
Exploits: 1, References: 2, Affected Software: 1
CNNVD
added 2021/08/02 12:00 a.m., 6 views

Pengutronix barebox Information Disclosure Vulnerability

Pengutronix barebox is a bootloader used in embedded Linux systems. A security vulnerability exists in barebox: crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest validation...

7.5 CVSS, 7.3 AI score, 0.01538 EPSS
Exploits: 1, References: 3
CNNVD
added 2021/08/02 12:00 a.m., 5 views

Pengutronix barebox Information Disclosure Vulnerability

Pengutronix barebox is a bootloader used in embedded Linux systems. A security vulnerability exists in barebox: common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison...

7.5 CVSS, 7.3 AI score, 0.01538 EPSS
Exploits: 1, References: 3
CNVD
added 2020/06/08 12:00 a.m., 3 views

Pengutronix barebox buffer overflow vulnerability (CNVD-2020-36741)

Pengutronix barebox is a bootloader used in embedded Linux systems. A buffer overflow vulnerability exists in nfsreadreply in net/nfs.c in Pengutronix barebox version 2020.05.0 and earlier. The vulnerability originates when a network system or product performs an operation in memory...

9.1 CVSS, 7.3 AI score, 0.01225 EPSS
Exploits: 0, References: 1
NVD
added 2020/06/07 8:15 p.m., 15 views

CVE-2020-13910

Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfsreadreply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check...

9.1 CVSS, 9.2 AI score, 0.01225 EPSS
Exploits: 0, References: 1
OSV
added 2020/06/07 8:15 p.m., 16 views

CVE-2020-13910

Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfsreadreply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check...

9.1 CVSS, 6.8 AI score, 0.01225 EPSS
Exploits: 0, References: 1
Prion
added 2020/06/07 8:15 p.m., 17 views

Out-of-bounds

Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfsreadreply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check...

6.4 CVSS, 9 AI score, 0.01225 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE
added 2020/06/07 7:36 p.m., 53 views

CVE-2020-13910

Pengutronix Barebox

9.1 CVSS, 9.1 AI score, 0.01225 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2020/06/07 7:36 p.m., 20 views

CVE-2020-13910

Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfsreadreply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check...

9.2 AI score, 0.01225 EPSS
Exploits: 0, References: 1
CNVD
added 2019/09/06 12:00 a.m., 2 views

Pengutronix Barebox Buffer Overflow Vulnerability (CNVD-2019-35034)

Pengutronix barebox is a bootloader used in embedded Linux systems. Pengutronix Barebox suffers from a buffer overflow vulnerability. An attacker can exploit this vulnerability to cause, among other things, a buffer overflow or heap overflow...

9.8 CVSS, 7.5 AI score, 0.02095 EPSS
Exploits: 0, References: 1
CNVD
added 2019/09/06 12:00 a.m., 2 views

Pengutronix Barebox Buffer Overflow Vulnerability

Pengutronix barebox is a bootloader used in embedded Linux systems. Pengutronix Barebox suffers from a buffer overflow vulnerability. An attacker can exploit this vulnerability to cause, among other things, a buffer overflow or heap overflow...

9.8 CVSS, 7.5 AI score, 0.02095 EPSS
Exploits: 0, References: 1
OSV
added 2019/09/05 3:15 p.m., 10 views

CVE-2019-15938

Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfsreadlinkreq in fs/nfs.c because a length field is directly used for a memcpy...

9.8 CVSS, 7.5 AI score, 0.02095 EPSS
Exploits: 0, References: 1
NVD
added 2019/09/05 3:15 p.m., 26 views

CVE-2019-15937

Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfsreadlinkreply in net/nfs.c because a length field is directly used for a memcpy...

9.8 CVSS, 9.8 AI score, 0.02095 EPSS
Exploits: 0, References: 1
NVD
added 2019/09/05 3:15 p.m., 19 views

CVE-2019-15938

Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfsreadlinkreq in fs/nfs.c because a length field is directly used for a memcpy...

9.8 CVSS, 9.8 AI score, 0.02095 EPSS
Exploits: 0, References: 1
OSV
added 2019/09/05 3:15 p.m., 17 views

CVE-2019-15937

Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfsreadlinkreply in net/nfs.c because a length field is directly used for a memcpy...

9.8 CVSS, 7.5 AI score, 0.02095 EPSS
Exploits: 0, References: 1