Skip to content
Inverse Path | F-Secure Hardware Security Team - Security Advisories
Branch: master
Clone or download
Latest commit 079ec17 Jan 13, 2020
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
CVE-2003-0962
CVE-2008-1530
CVE-2008-3908
CVE-2016-1734
CVE-2016-8672
CVE-2016-8673
CVE-2017-7932
CVE-2017-7936
CVE-2018-18439
CVE-2018-18440
CVE-2019-5478
README.md
Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt
Security_Advisory-Ref_GLSA200312-03-rsync_heap_overflow.txt
Security_Advisory-Ref_IPVR2016-0001_AppleUSBNetworking_memory_corruption.txt
Security_Advisory-Ref_IPVR2018-0001-U-Boot_verified_boot_bypass.txt
Security_Advisory-Ref_QBVR2017-0001-NXP_HAB_bypass.txt
Security_Advisory-Ref_oCERT-2008-001-GnuPG_memory_corruption.txt
Security_Advisory-Ref_oCERT-2008-014-WordNet_stack_overflows.txt
ssa-603476.pdf

README.md

Introduction

The following advisories cover security issues discovered, or contributed, by the team at F-Secure Hardware Security Team, previously known as Inverse Path.

CVEs Description Advisory
CVE-2019-5478 Xilinx ZU+ Encrypt Only Secure boot bypass via partition header Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt
CVE-2019-5478 Xilinx ZU+ Encrypt Only Secure boot bypass via boot header Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt
CVE-2018-18440 U-Boot verified boot bypass via network load Security_Advisory-Ref_IPVR2018-0001-U-Boot_verified_boot_bypass.txt
CVE-2018-18439 U-Boot verified boot bypass via filesystem load Security_Advisory-Ref_IPVR2018-0001-U-Boot_verified_boot_bypass.txt
CVE-2017-7936 NXP High Assurance Boot SDP protection bypass Security_Advisory-Ref_QBVR2017-0001-NXP_HAB_bypass.txt
CVE-2017-7932 NXP High Assurance Boot X.509 parsing error Security_Advisory-Ref_QBVR2017-0001-NXP_HAB_bypass.txt
CVE-2016-8673 Siemens SIMATIC cross-site request forgery SSA-603476
CVE-2016-8672 Siemens SIMATIC missing cookie protection SSA-603476
CVE-2016-1734 AppleUSBNetworking memory corruption Security_Advisory-Ref_IPVR2016-0001_AppleUSBNetworking_memory_corruption.txt
CVE-2008-3908 WordNet stack and heap overflows Security_Advisory-Ref_oCERT-2008-014-WordNet_stack_overflows.txt
CVE-2008-1530 GnuPG memory corruption Security_Advisory-Ref_oCERT-2008-001-GnuPG_memory_corruption.txt
CVE-2003-0962 rsync heap-based buffer overflow Security_Advisory-Ref_GLSA200312-03-rsync_heap_overflow.txt
You can’t perform that action at this time.