Lucene search
+L

170 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:31 a.m.7 views

CVE-2019-14197

An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfsreadreply...

9.1CVSS6.6AI score0.02368EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:29 a.m.6 views

CVE-2019-14199

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a netprocessreceivedpacket integer underflow during an udppackethandler call...

9.8CVSS6.7AI score0.0235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:29 a.m.6 views

CVE-2019-14195

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfsreadlinkreply in the "else" block after calculating the new path length...

9.8CVSS6.7AI score0.0235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:46 a.m.11 views

CVE-2018-11952

An image with a version lower than the fuse version may potentially be booted lead to improper authentication...

8.4CVSS7.6AI score0.00107EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 2:55 a.m.11 views

CVE-2018-1000205

U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality...

5.5CVSS6.7AI score0.00713EPSS
Exploits0References1
OSV
OSV
added 2025/05/06 5:16 p.m.4 views

UBUNTU-CVE-2025-32022

Finit provides fast init for Linux systems. Finit's urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts of the heap, possibly causing random instabilities and undefined behavior. The urandom plugin is enabled by default, so this bug affects...

4.6CVSS6AI score0.00123EPSS
Exploits0References4
NVD
NVD
added 2025/05/05 8:15 p.m.13 views

CVE-2025-45611

Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request...

9.8CVSS0.00442EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/05 12:0 a.m.8 views

PT-2025-19779 · Hope-Boot · Hope-Boot

Name of the Vulnerable Software and Affected Versions: hope-boot version 1.0.0 Description: The issue is related to incorrect access control in the "/user/edit/" component, which allows attackers to bypass authentication by sending a crafted GET request. Recommendations: For hope-boot version...

9.8CVSS6.7AI score0.00442EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2025/04/28 9:31 a.m.11 views

ai.stapi:arango-axon (>=0.0.1 <=0.0.2), ai.stapi:arango-graph (>=0.0.1 <=0.0.2) +3041 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.1.0 <=3.1.12)

org.springframework.boot:spring-boot MAVEN version =3.1.0, =0.0.1, =0.0.1, =0.0.10, =0.0.10, =0.0.10, =0.0.6, =0.0.6, =0.0.28, =0.0.6, =0.0.7, =0.0.8, =0.0.11, =0.0.6, =0.3.2 - ai.timefold.solver:timefold-solver-spring-boot-autoconfigure =1.0.0 -...

7.3CVSS7AI score0.00358EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/04/28 9:31 a.m.8 views

ai.driftkit:driftkit-audio-core (>=0.5.0 <=0.8.3), ai.driftkit:driftkit-audio-spring-boot-starter (>=0.5.0 <=0.8.7) +4057 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.3.0 <=3.3.10)

org.springframework.boot:spring-boot MAVEN version =3.3.0, =0.5.0, =0.5.0, =0.5.0, =0.5.8, =0.5.0, =0.5.7, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.5.0, =0.5.0, =0.7.9, =0.6.0, =0.6.0, =0.8.7 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...

7.3CVSS7AI score0.00358EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/04/28 9:31 a.m.7 views

africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-application (>=1.0.0 <=1.2.0) +38989 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=1.0.0.RELEASE <=2.7.2)

org.springframework.boot:spring-boot MAVEN version =1.0.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.4.0.0, =4.6.0.0 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...

7.3CVSS7AI score0.00358EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/04/28 9:31 a.m.16 views

ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-memory-mongo-spring-boot-starter (>=0.114.0 <=0.120.0) +7782 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.4.0 <=3.4.4)

org.springframework.boot:spring-boot MAVEN version =3.4.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =1.0.28 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...

7.3CVSS7AI score0.00358EPSS
Exploits0
Packet Storm
Packet Storm
added 2025/04/15 12:0 a.m.307 views

📄 Spring Boot common-user-management 0.1 Shell Upload

Spring Boot common-user-management version 0.1 suffers from a remote shell upload vulnerability. Exploit Title: Unrestricted File Upload Google Dork: Date: 14/Nov/2024 Exploit Author: d3sca Vendor Homepage: https://github.com/OsamaTaher/Java-springboot-codebase Software Link:...

8.7CVSS7AI score0.03222EPSS
Exploits3
RedhatCVE
RedhatCVE
added 2025/03/14 10:25 p.m.22 views

CVE-2025-20143

A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges o...

6.7CVSS6.6AI score0.00104EPSS
Exploits0References1
CVE
CVE
added 2025/03/03 2:17 p.m.101 views

CVE-2025-0689

CVE-2025-0689 affects grub2, specifically the udf filesystem reader (grub_udf_read_block), where user-controlled data length metadata can cause a heap-based buffer overflow during disk read and sector iteration. This could corrupt data and allow arbitrary code execution, potentially bypassing sec...

7.8CVSS6.9AI score0.00444EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/02/19 7:15 p.m.7 views

CVE-2025-0624

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...

7.6CVSS0.01405EPSS
Exploits0References20
OSV
OSV
added 2025/02/18 8:15 p.m.11 views

CVE-2024-45781

A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...

6.7CVSS6.9AI score0.00243EPSS
Exploits0References4
CVE
CVE
added 2025/02/18 7:26 p.m.131 views

CVE-2025-0622

The CVE-2025-0622 entry describes a use-after-free vulnerability in grub2 where hooks created by loaded modules are not removed when the module is unloaded, potentially allowing arbitrary code execution and bypass of secure boot protections. Connected advisories (e.g., Red Hat RHSA-2025:16154 and...

6.4CVSS7.4AI score0.00268EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/18 12:0 a.m.4 views

DENX Software Engineering Das U-Boot 安全漏洞

DENX Software Engineering Das U-Boot is a Universal Bootloader from DENX Software Engineering, Germany. A security vulnerability exists in versions prior to DENX Software Engineering Das U-Boot 2025.01-rc1 that stems from stack exhaustion due to deep symbolic link nesting in squashfs...

2.4CVSS6.9AI score0.00311EPSS
Exploits0References2
CVE
CVE
added 2025/02/18 12:0 a.m.76 views

CVE-2024-57257

CVE-2024-57257 describes a stack consumption issue in sqfs_size in Das U-Boot prior to 2025.01-rc1 triggered by a crafted squashfs filesystem with deep symlink nesting. The vulnerability affects Das U-Boot’s handling of SquashFS structures and may lead to stack exhaustion. Connected sources confi...

2.4CVSS6.9AI score0.00311EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder