170 matches found
CVE-2019-14197
An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfsreadreply...
CVE-2019-14199
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a netprocessreceivedpacket integer underflow during an udppackethandler call...
CVE-2019-14195
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfsreadlinkreply in the "else" block after calculating the new path length...
CVE-2018-11952
An image with a version lower than the fuse version may potentially be booted lead to improper authentication...
CVE-2018-1000205
U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality...
UBUNTU-CVE-2025-32022
Finit provides fast init for Linux systems. Finit's urandom plugin has a heap buffer overwrite vulnerability at boot which leads to it overwriting other parts of the heap, possibly causing random instabilities and undefined behavior. The urandom plugin is enabled by default, so this bug affects...
CVE-2025-45611
Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request...
PT-2025-19779 · Hope-Boot · Hope-Boot
Name of the Vulnerable Software and Affected Versions: hope-boot version 1.0.0 Description: The issue is related to incorrect access control in the "/user/edit/" component, which allows attackers to bypass authentication by sending a crafted GET request. Recommendations: For hope-boot version...
ai.stapi:arango-axon (>=0.0.1 <=0.0.2), ai.stapi:arango-graph (>=0.0.1 <=0.0.2) +3041 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.1.0 <=3.1.12)
org.springframework.boot:spring-boot MAVEN version =3.1.0, =0.0.1, =0.0.1, =0.0.10, =0.0.10, =0.0.10, =0.0.6, =0.0.6, =0.0.28, =0.0.6, =0.0.7, =0.0.8, =0.0.11, =0.0.6, =0.3.2 - ai.timefold.solver:timefold-solver-spring-boot-autoconfigure =1.0.0 -...
ai.driftkit:driftkit-audio-core (>=0.5.0 <=0.8.3), ai.driftkit:driftkit-audio-spring-boot-starter (>=0.5.0 <=0.8.7) +4057 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.3.0 <=3.3.10)
org.springframework.boot:spring-boot MAVEN version =3.3.0, =0.5.0, =0.5.0, =0.5.0, =0.5.8, =0.5.0, =0.5.7, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.5.0, =0.5.0, =0.7.9, =0.6.0, =0.6.0, =0.8.7 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...
africa.absa:inception-api (>=1.0.0 <=1.2.0), africa.absa:inception-application (>=1.0.0 <=1.2.0) +38989 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=1.0.0.RELEASE <=2.7.2)
org.springframework.boot:spring-boot MAVEN version =1.0.0.RELEASE, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =4.4.0.0, =4.6.0.0 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...
ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.114.0 <=0.120.0), ai.ancf.lmos:arc-memory-mongo-spring-boot-starter (>=0.114.0 <=0.120.0) +7782 more potentially affected by CVE-2025-22235 via org.springframework.boot:spring-boot (>=3.4.0 <=3.4.4)
org.springframework.boot:spring-boot MAVEN version =3.4.0, =0.114.0, =0.114.0, =0.114.0, =0.114.0, =0.5.0, =0.8.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =1.0.28 and more Source cves: CVE-2025-22235 Source advisory: OSV:GHSA-RC42-6C7J-7H5R...
📄 Spring Boot common-user-management 0.1 Shell Upload
Spring Boot common-user-management version 0.1 suffers from a remote shell upload vulnerability. Exploit Title: Unrestricted File Upload Google Dork: Date: 14/Nov/2024 Exploit Author: d3sca Vendor Homepage: https://github.com/OsamaTaher/Java-springboot-codebase Software Link:...
CVE-2025-20143
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges o...
CVE-2025-0689
CVE-2025-0689 affects grub2, specifically the udf filesystem reader (grub_udf_read_block), where user-controlled data length metadata can cause a heap-based buffer overflow during disk read and sector iteration. This could corrupt data and allow arbitrary code execution, potentially bypassing sec...
CVE-2025-0624
A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the environment variable length...
CVE-2024-45781
A flaw was found in grub2. When reading a symbolic link's name from a UFS filesystem, grub2 fails to validate the string length taken as an input. The lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and eventually allowing an attacker to circumvent secure...
CVE-2025-0622
The CVE-2025-0622 entry describes a use-after-free vulnerability in grub2 where hooks created by loaded modules are not removed when the module is unloaded, potentially allowing arbitrary code execution and bypass of secure boot protections. Connected advisories (e.g., Red Hat RHSA-2025:16154 and...
DENX Software Engineering Das U-Boot 安全漏洞
DENX Software Engineering Das U-Boot is a Universal Bootloader from DENX Software Engineering, Germany. A security vulnerability exists in versions prior to DENX Software Engineering Das U-Boot 2025.01-rc1 that stems from stack exhaustion due to deep symbolic link nesting in squashfs...
CVE-2024-57257
CVE-2024-57257 describes a stack consumption issue in sqfs_size in Das U-Boot prior to 2025.01-rc1 triggered by a crafted squashfs filesystem with deep symlink nesting. The vulnerability affects Das U-Boot’s handling of SquashFS structures and may lead to stack exhaustion. Connected sources confi...