rpm package

suse/u-boot-rpi3&distro=SUSE Linux Enterprise Server 12 SP3-LTSS

pkg:rpm/suse/u-boot-rpi3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS

Vulnerabilities (19)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-30790	Hig	7.8	< 2016.07-12.6.1	2016.07-12.6.1	Jun 8, 2022	Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
CVE-2022-30552	Med	5.5	< 2016.07-12.6.1	2016.07-12.6.1	Jun 8, 2022	Das U-Boot 2022.01 has a Buffer Overflow.
CVE-2020-10648	Hig	7.8	< 2016.07-12.3.1	2016.07-12.3.1	Mar 19, 2020	Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
CVE-2019-14299		—	< 2016.07-12.3.1	2016.07-12.3.1	Mar 13, 2020	Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.
CVE-2019-14204	Cri	9.8	< 2016.07-12.3.1	2016.07-12.3.1	Jul 31, 2019	An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.
CVE-2019-14203	Cri	9.8	< 2016.07-12.3.1	2016.07-12.3.1	Jul 31, 2019	An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.
CVE-2019-14202	Cri	9.8	< 2016.07-12.3.1	2016.07-12.3.1	Jul 31, 2019	An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.
CVE-2019-14201	Cri	9.8	< 2016.07-12.3.1	2016.07-12.3.1	Jul 31, 2019	An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.
CVE-2019-14200	Cri	9.8	< 2016.07-12.3.1	2016.07-12.3.1	Jul 31, 2019	An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.
CVE-2019-14198	Cri	9.8	< 2016.07-12.3.1	2016.07-12.3.1	Jul 31, 2019	An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.
CVE-2019-14197	Cri	9.1	< 2016.07-12.3.1	2016.07-12.3.1	Jul 31, 2019	An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.
CVE-2019-14196	Cri	9.8	< 2016.07-12.3.1	2016.07-12.3.1	Jul 31, 2019	An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
CVE-2019-14195	Cri	9.8	< 2016.07-12.3.1	2016.07-12.3.1	Jul 31, 2019	An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length.
CVE-2019-14194	Cri	9.8	< 2016.07-12.3.1	2016.07-12.3.1	Jul 31, 2019	An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.
CVE-2019-14193	Cri	9.8	< 2016.07-12.3.1	2016.07-12.3.1	Jul 31, 2019	An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.
CVE-2019-14192	Cri	9.8	< 2016.07-12.3.1	2016.07-12.3.1	Jul 31, 2019	An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.
CVE-2019-13103	Hig	7.1	< 2016.07-12.3.1	2016.07-12.3.1	Jul 29, 2019	A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
CVE-2019-11059		—	< 2016.07-12.3.1	2016.07-12.3.1	May 10, 2019	Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.
CVE-2019-11690		—	< 2016.07-12.3.1	2016.07-12.3.1	May 3, 2019	gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.

CVE-2022-30790HigJun 8, 2022
affected < 2016.07-12.6.1fixed 2016.07-12.6.1
Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
CVE-2022-30552MedJun 8, 2022
affected < 2016.07-12.6.1fixed 2016.07-12.6.1
Das U-Boot 2022.01 has a Buffer Overflow.
CVE-2020-10648HigMar 19, 2020
affected < 2016.07-12.3.1fixed 2016.07-12.3.1
Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.
CVE-2019-14299Mar 13, 2020
affected < 2016.07-12.3.1fixed 2016.07-12.3.1
Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.
CVE-2019-14204CriJul 31, 2019
affected < 2016.07-12.3.1fixed 2016.07-12.3.1
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.
CVE-2019-14203CriJul 31, 2019
affected < 2016.07-12.3.1fixed 2016.07-12.3.1
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.
CVE-2019-14202CriJul 31, 2019
affected < 2016.07-12.3.1fixed 2016.07-12.3.1
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.
CVE-2019-14201CriJul 31, 2019
affected < 2016.07-12.3.1fixed 2016.07-12.3.1
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.
CVE-2019-14200CriJul 31, 2019
affected < 2016.07-12.3.1fixed 2016.07-12.3.1
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.
CVE-2019-14198CriJul 31, 2019
affected < 2016.07-12.3.1fixed 2016.07-12.3.1
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.
CVE-2019-14197CriJul 31, 2019
affected < 2016.07-12.3.1fixed 2016.07-12.3.1
An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.
CVE-2019-14196CriJul 31, 2019
affected < 2016.07-12.3.1fixed 2016.07-12.3.1
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
CVE-2019-14195CriJul 31, 2019
affected < 2016.07-12.3.1fixed 2016.07-12.3.1
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length.
CVE-2019-14194CriJul 31, 2019
affected < 2016.07-12.3.1fixed 2016.07-12.3.1
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.
CVE-2019-14193CriJul 31, 2019
affected < 2016.07-12.3.1fixed 2016.07-12.3.1
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.
CVE-2019-14192CriJul 31, 2019
affected < 2016.07-12.3.1fixed 2016.07-12.3.1
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.
CVE-2019-13103HigJul 29, 2019
affected < 2016.07-12.3.1fixed 2016.07-12.3.1
A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.
CVE-2019-11059May 10, 2019
affected < 2016.07-12.3.1fixed 2016.07-12.3.1
Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.
CVE-2019-11690May 3, 2019
affected < 2016.07-12.3.1fixed 2016.07-12.3.1
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.