common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash...
7.5CVSS
7.4AI Score
0.002EPSS
crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest...
7.5CVSS
7.4AI Score
0.002EPSS
The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is...
6.6CVSS
6.5AI Score
0.001EPSS
Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds...
9.1CVSS
9.1AI Score
0.002EPSS
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_reply in net/nfs.c because a length field is directly used for a...
9.8CVSS
9.7AI Score
0.011EPSS
Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfs_readlink_req in fs/nfs.c because a length field is directly used for a...
9.8CVSS
9.7AI Score
0.011EPSS