Introduction

The following advisories cover security issues discovered, or contributed, by the team at F-Secure Hardware Security Team, previously known as Inverse Path.

CVEs	Description	Advisory
CVE-2019-5478	Xilinx ZU+ Encrypt Only Secure boot bypass via partition header	Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt
CVE-2019-5478	Xilinx ZU+ Encrypt Only Secure boot bypass via boot header	Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt
CVE-2018-18440	U-Boot verified boot bypass via network load	Security_Advisory-Ref_IPVR2018-0001-U-Boot_verified_boot_bypass.txt
CVE-2018-18439	U-Boot verified boot bypass via filesystem load	Security_Advisory-Ref_IPVR2018-0001-U-Boot_verified_boot_bypass.txt
CVE-2017-7936	NXP High Assurance Boot SDP protection bypass	Security_Advisory-Ref_QBVR2017-0001-NXP_HAB_bypass.txt
CVE-2017-7932	NXP High Assurance Boot X.509 parsing error	Security_Advisory-Ref_QBVR2017-0001-NXP_HAB_bypass.txt
CVE-2016-8673	Siemens SIMATIC cross-site request forgery	SSA-603476
CVE-2016-8672	Siemens SIMATIC missing cookie protection	SSA-603476
CVE-2016-1734	AppleUSBNetworking memory corruption	Security_Advisory-Ref_IPVR2016-0001_AppleUSBNetworking_memory_corruption.txt
CVE-2008-3908	WordNet stack and heap overflows	Security_Advisory-Ref_oCERT-2008-014-WordNet_stack_overflows.txt
CVE-2008-1530	GnuPG memory corruption	Security_Advisory-Ref_oCERT-2008-001-GnuPG_memory_corruption.txt
CVE-2003-0962	rsync heap-based buffer overflow	Security_Advisory-Ref_GLSA200312-03-rsync_heap_overflow.txt