Siemens RuggedCom Rox Heap-based Buffer Overflow (CVE-2022-2347)

There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download...

EUVD-2025-142626

Malicious code in butanaih-asfia-dfu npm...

EUVD-2021-26928

Malware in sbrugna...

EUVD-2019-18289

Malware in sbrugna...

EUVD-2020-2484

Malware in sbrugna...

EUVD-2020-7501

Malware in sbrugna...

EUVD-2022-41817

Malicious code in bioql PyPI...

EUVD-2022-34616

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-2347

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does no...

CVE-2019-8900

A vulnerability in the SecureROM of some Apple devices can be exploited by an unauthenticated local attacker to execute arbitrary code upon booting those devices. This vulnerability allows arbitrary code to be executed on the device. Exploiting the vulnerability requires physical access to the...

CVE-2022-29246

Azure RTOS USBX is a USB host, device, and on-the-go OTG embedded stack. Prior to version 6.1.11, he USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features o...

Huawei EulerOS: Security Advisory for uboot-tools (EulerOS-SA-2025-1047)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP9 : uboot-tools (EulerOS-SA-2025-1047)

According to the versions of the uboot-tools packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup...

Huawei EulerOS: Security Advisory for uboot-tools (EulerOS-SA-2024-2916)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : uboot-tools (EulerOS-SA-2024-2896)

According to the versions of the uboot-tools packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : There exists an unchecked length field in UBoot.The U-Boot DFU implementation does not bound the length field in USB DFU download setup...

EulerOS 2.0 SP10 : uboot-tools (EulerOS-SA-2024-2916)

According to the versions of the uboot-tools package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : There exists an unchecked length field in UBoot.The U-Boot DFU implementation does not bound the length field in USB DFU download setup packet...

OESA-2024-2188 uboot-tools security update

This package includes the mkimage program, which allows generation of U-Boot images in various formats, and the fwprintenv and fwsetenv programs to read and modify U-Boot's environment. Security Fixes: There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound t...

OPENSUSE-SU-2024:10774-1 dfu-tool-1.5.8-1.5 on GA media

These are all security issues fixed in the dfu-tool-1.5.8-1.5 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2024:12438-1 dfu-tool-1.8.6-1.1 on GA media

These are all security issues fixed in the dfu-tool-1.8.6-1.1 package on the GA media of openSUSE Tumbleweed...

USN-6523-1: u-boot-nezha vulnerability

It was discovered that U-Boot incorrectly handled certain USB DFU download setup packets. A local attacker could use this issue to cause U-Boot to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2022-2347 Nicolas Bidron and Nicolas Guigo discovered that U-Boot...