CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в u-boot

A issue was discovered in Das U-Boot during the period from 2019.07. There is an unbounded memcpy operation with a failed length check at nfsreadreply, when calling storeblock in the NFSv2 case...

9.8CVSS7.3AI score0.0049EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в u-boot

The U-Boot 2022.01 has a Buffer Overflow issue...

5.5CVSS7AI score0.00069EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•0 views

Astra Linux - уязвимость в u-boot

A issue was discovered in Das U-Boot during the period from 2019.07. There is a stack-based buffer overflow in the nfshandler reply helper function: nfsmountreply...

9.8CVSS7.6AI score0.0053EPSS

RedhatCVE•added 2026/05/18 1:58 p.m.•4 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

SUSE CVE•added 2026/05/18 1:21 p.m.•5 views

SUSE CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

Tenable Nessus•added 2026/05/17 12:0 a.m.•4 views

Exploits0References3

Linux Distros Unpatched Vulnerability : CVE-2026-46728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash. CVE-2026-46728 Note that Nessus...

OSV•added 2026/05/16 10:16 p.m.•2 views

Exploits0References3

DEBIAN-CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

NVD•added 2026/05/16 10:16 p.m.•6 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

8.2CVSS0.00004EPSS

Debian CVE•added 2026/05/16 9:26 p.m.•3 views

CVE-2026-46728

Das U-Boot before 2026.04 allows FIT Flat Image Tree signature verification bypass because hashed-nodes is omitted from a hash...

CNNVD•added 2026/05/16 12:0 a.m.•4 views

Exploits0

DENX Software Engineering Das U-Boot 访问控制错误漏洞

DENX Software Engineering's Das U-Boot is a general-purpose bootloader developed by the German company DENX Software Engineering. Versions of DENX Software Engineering's Das U-Boot prior to version 2026.04 contained an access control vulnerability. This vulnerability stemmed from the omission of...

Tenable Nessus•added 2026/05/07 12:0 a.m.•4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: uboot-tools (UTSA-2026-016520)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016520 advisory. Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 3861aa5 up to today on any platform allows an attacker on the local...

8.1CVSS5.8AI score0.00096EPSS

Exploits0References4

OpenVAS•added 2026/02/24 12:0 a.m.•3 views

Ubuntu: Security Advisory (USN-8056-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS5.4AI score0.00096EPSS

RedhatCVE•added 2026/01/09 12:38 p.m.•0 views

CVE-2023-50810

In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv command can be used...

6CVSS7.9AI score0.00023EPSS

RedhatCVE•added 2026/01/09 10:52 a.m.•3 views

CVE-2022-33967

squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service DoS condition or arbitrary code...

7.8CVSS7.6AI score0.00559EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:11 a.m.•5 views

CVE-2019-11690

genranduuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIGRANDOMUUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device...

5.9CVSS6.7AI score0.00316EPSS

RedhatCVE•added 2026/01/09 10:9 a.m.•7 views

CVE-2019-11059

Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow...

9.8CVSS7AI score0.00437EPSS

RedhatCVE•added 2026/01/09 8:53 a.m.•4 views

CVE-2021-27097

The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT...

7.8CVSS6.7AI score0.00047EPSS

RedhatCVE•added 2026/01/09 8:53 a.m.•1 views

CVE-2021-27138

The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT...

7.8CVSS6.9AI score0.00059EPSS

NVD•added 2025/12/11 8:15 p.m.•4 views

CVE-2025-36938

In U-Boot of appenduint32le, there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

6.8CVSS0.00018EPSS