Writeup Exploits
60,737 exploits tracked across all sources.
Das U-Boot < 2019.07 - Stack-Based Buffer Overflow in NFS Handler
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.
CVSS 9.8
Das U-Boot < 2019.07 - Stack-Based Buffer Overflow in NFS Mount Reply Handler
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.
CVSS 9.8
Das U-Boot < 2019.07 - Stack-Based Buffer Overflow in NFS Readlink Reply Handler
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.
CVSS 9.8
Das U-Boot < 2019.07 - Stack-Based Buffer Overflow in NFS Lookup Reply Handler
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.
CVSS 9.8
Das U-Boot < 2019.07 - Stack-based Buffer Overflow in NFS Handler Reply Function
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.
CVSS 9.8
Das U-Boot < 2019.07 - Integer Underflow via UDP Packet Handler
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.
CVSS 9.8
Das U-Boot < 2019.07 - Out-of-bounds Write via NFSv3 Reply Handling
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.
CVSS 9.8
Das U-Boot < 2019.07 - Out-of-bounds Read in NFS Reply Handler
An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.
CVSS 9.1
Das U-Boot < 2019.07 - Out-of-bounds Write via NFS Lookup Reply
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
CVSS 9.8
Das U-Boot < 2019.07 - Out-of-bounds Write via NFS Readlink Reply
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length.
CVSS 9.8
Das U-Boot < 2019.07 - Out-of-bounds Write via NFSv2 Reply Handling
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.
CVSS 9.8
Das U-Boot < 2019.07 - Out-of-bounds Write in NFS Readlink Reply
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.
CVSS 9.8
Das U-Boot < 2019.07 - Integer Underflow via UDP Packet Processing
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.
CVSS 9.8
Das U-Boot 2022.01 - Buffer Overflow
Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
CVSS 7.8
Das U-Boot 2022.01 - Buffer Overflow
Das U-Boot 2022.01 has a Buffer Overflow.
CVSS 5.5
Das U-Boot <2021.04-rc2 - Use After Free
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.
CVSS 7.8
Das U-Boot <2021.04-rc2 - Use After Free
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT.
CVSS 7.8
Das U-Boot <2021.04-rc2 - Buffer Overflow
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.
CVSS 7.8
Das U-Boot <2021.04-rc2 - Buffer Overflow
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT.
CVSS 7.8
DENX U-Boot < 2025.10 - Buffer Overflow in net/bootp.c via DHCP Response
Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depending on the later use of DHCP-provided parameters via crafted DHCP responses.
CVSS 8.1
HashiCorp Nomad 0.5.0-0.9.4 - Exposure of Sensitive Information via Template Rendering
HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template.
CVSS 5.3
GitLab Omnibus 7.4-12.2.1 - Privilege Escalation via Logrotate Interaction
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
CVSS 9.8
GitLab 7.9.0-12.2.1 - Exposure of Sensitive Information via EXIF Geolocation Data
An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads.
CVSS 5.3
GitLab 8.1-12.2.1 - Stored Cross-Site Scripting in Markdown Renderer
An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads.
CVSS 6.1
GitLab 12.0-12.2.1 - Unauthorized Exposure of Merge Request IDs via Email
An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email.
CVSS 5.3
By Source