Skip to content
Inverse Path | F-Secure Hardware Security Team - Security Advisories
Branch: master
Clone or download
Latest commit a9308af Sep 4, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
CVE-2003-0962 initial import Jul 23, 2019
CVE-2008-1530 initial import Jul 23, 2019
CVE-2008-3908 initial import Jul 23, 2019
CVE-2016-1734 initial import Jul 23, 2019
CVE-2016-8672 initial import Jul 23, 2019
CVE-2016-8673 initial import Jul 23, 2019
CVE-2017-7932 initial import Jul 23, 2019
CVE-2017-7936 initial import Jul 23, 2019
CVE-2018-18439
CVE-2018-18440 initial import Jul 23, 2019
README.md assign CVE number Sep 4, 2019
Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt assign CVE number Sep 4, 2019
Security_Advisory-Ref_GLSA200312-03-rsync_heap_overflow.txt initial import Jul 23, 2019
Security_Advisory-Ref_IPVR2016-0001_AppleUSBNetworking_memory_corruption.txt initial import Jul 23, 2019
Security_Advisory-Ref_IPVR2018-0001-U-Boot_verified_boot_bypass.txt U-Boot advisory update Jul 25, 2019
Security_Advisory-Ref_QBVR2017-0001-NXP_HAB_bypass.txt initial import Jul 23, 2019
Security_Advisory-Ref_oCERT-2008-001-GnuPG_memory_corruption.txt U-Boot advisory update Jul 25, 2019
Security_Advisory-Ref_oCERT-2008-014-WordNet_stack_overflows.txt initial import Jul 23, 2019
ssa-603476.pdf initial import Jul 23, 2019

README.md

Introduction

The following advisories cover security issues discovered, or contributed, by the team at Inverse Path / F-Secure Hardware Security Team.

CVEs Description Advisory
CVE-2019-5478 Xilinx ZU+ Encrypt Only Secure boot bypass via partition header Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt
CVE-2019-5478 Xilinx ZU+ Encrypt Only Secure boot bypass via boot header Security_Advisory-Ref_FSC-HWSEC-VR2019-0001-Xilinx_ZU+-Encrypt_Only_Secure_Boot_bypass.txt
CVE-2018-18440 U-Boot verified boot bypass via network load Security_Advisory-Ref_IPVR2018-0001-U-Boot_verified_boot_bypass.txt
CVE-2018-18439 U-Boot verified boot bypass via filesystem load Security_Advisory-Ref_IPVR2018-0001-U-Boot_verified_boot_bypass.txt
CVE-2017-7936 NXP High Assurance Boot SDP protection bypass Security_Advisory-Ref_QBVR2017-0001-NXP_HAB_bypass.txt
CVE-2017-7932 NXP High Assurance Boot X.509 parsing error Security_Advisory-Ref_QBVR2017-0001-NXP_HAB_bypass.txt
CVE-2016-8673 Siemens SIMATIC cross-site request forgery SSA-603476
CVE-2016-8672 Siemens SIMATIC missing cookie protection SSA-603476
CVE-2016-1734 AppleUSBNetworking memory corruption Security_Advisory-Ref_IPVR2016-0001_AppleUSBNetworking_memory_corruption.txt
CVE-2008-3908 WordNet stack and heap overflows Security_Advisory-Ref_oCERT-2008-014-WordNet_stack_overflows.txt
CVE-2008-1530 GnuPG memory corruption Security_Advisory-Ref_oCERT-2008-001-GnuPG_memory_corruption.txt
CVE-2003-0962 rsync heap-based buffer overflow Security_Advisory-Ref_GLSA200312-03-rsync_heap_overflow.txt
You can’t perform that action at this time.