Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-14196 (GCVE-0-2019-14196)
Vulnerability from cvelistv5 – Published: 2019-07-31 12:30 – Updated: 2026-05-12 10:12
VLAI
EPSS
Summary
An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gitlab.com/u-boot/u-boot | x_refsource_MISC |
| https://blog.semmle.com/uboot-rce-nfs-vulnerability/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:25:25.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/u-boot/u-boot"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.semmle.com/uboot-rce-nfs-vulnerability/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX MX5000RE",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1400",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1500",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1501",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1510",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1511",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1512",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1524",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX1536",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM ROX RX5000",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.17.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T10:12:05.376Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-31T12:30:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/u-boot/u-boot"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.semmle.com/uboot-rce-nfs-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/u-boot/u-boot",
"refsource": "MISC",
"url": "https://gitlab.com/u-boot/u-boot"
},
{
"name": "https://blog.semmle.com/uboot-rce-nfs-vulnerability/",
"refsource": "MISC",
"url": "https://blog.semmle.com/uboot-rce-nfs-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-14196",
"datePublished": "2019-07-31T12:30:00.000Z",
"dateReserved": "2019-07-19T00:00:00.000Z",
"dateUpdated": "2026-05-12T10:12:05.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2019-14196",
"date": "2026-05-31",
"epss": "0.00411",
"percentile": "0.61679"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-14196\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-07-31T13:15:13.480\",\"lastModified\":\"2026-05-12T10:16:34.900\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en Das U-Boot hasta versi\u00f3n 2019.07. Se presenta un memcpy ilimitado con una comprobaci\u00f3n de longitud fallida en la funci\u00f3n nfs_lookup_reply.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:denx:u-boot:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2019.07\",\"matchCriteriaId\":\"E42ED17C-F9DC-4584-B102-6DB9C48C23E9\"}]}]}],\"references\":[{\"url\":\"https://blog.semmle.com/uboot-rce-nfs-vulnerability/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://gitlab.com/u-boot/u-boot\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.semmle.com/uboot-rce-nfs-vulnerability/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://gitlab.com/u-boot/u-boot\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/05/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-577017.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}"
}
}
SSA-577017
Vulnerability from csaf_siemens - Published: 2026-05-12 00:00 - Updated: 2026-05-12 00:00Summary
SSA-577017: Multiple Vulnerabilities in Ruggedcom Rox Before 2.17.1
Notes
Summary: Ruggedcom Rox before v2.17.1 contain multiple third-party vulnerabilities.
Siemens has released new versions for the affected products and recommends to update to the latest versions.
General Recommendations: As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources: For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use: The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.
7.1 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
9.8 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
9.8 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
9.8 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
9.8 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
9.8 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
9.1 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
9.8 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
9.8 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
9.8 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
9.8 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
9.8 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
9.8 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
9.8 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
7.7 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
5.5 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
9.8 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
6.0 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
5.3 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
6.0 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
5.5 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
7.1 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
7.1 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
6.2 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
5.9 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
7.8 (High)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
6.2 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
6.6 (Medium)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
9.1 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
9.1 (Critical)
Affected products
Known affected
11 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
RUGGEDCOM ROX MX5000
Siemens / RUGGEDCOM ROX MX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX MX5000RE
Siemens / RUGGEDCOM ROX MX5000RE
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1400
Siemens / RUGGEDCOM ROX RX1400
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1500
Siemens / RUGGEDCOM ROX RX1500
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1501
Siemens / RUGGEDCOM ROX RX1501
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1510
Siemens / RUGGEDCOM ROX RX1510
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1511
Siemens / RUGGEDCOM ROX RX1511
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1512
Siemens / RUGGEDCOM ROX RX1512
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1524
Siemens / RUGGEDCOM ROX RX1524
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX1536
Siemens / RUGGEDCOM ROX RX1536
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
|
|
RUGGEDCOM ROX RX5000
Siemens / RUGGEDCOM ROX RX5000
|
vers:intdot/<2.17.1 |
Vendor Fix
fix
|
References
2 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Ruggedcom Rox before v2.17.1 contain multiple third-party vulnerabilities.\n\nSiemens has released new versions for the affected products and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-577017: Multiple Vulnerabilities in Ruggedcom Rox Before 2.17.1 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-577017.html"
},
{
"category": "self",
"summary": "SSA-577017: Multiple Vulnerabilities in Ruggedcom Rox Before 2.17.1 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-577017.json"
}
],
"title": "SSA-577017: Multiple Vulnerabilities in Ruggedcom Rox Before 2.17.1",
"tracking": {
"current_release_date": "2026-05-12T00:00:00.000Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-577017",
"initial_release_date": "2026-05-12T00:00:00.000Z",
"revision_history": [
{
"date": "2026-05-12T00:00:00.000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
}
],
"status": "interim",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.1",
"product": {
"name": "RUGGEDCOM ROX MX5000",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX MX5000"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.1",
"product": {
"name": "RUGGEDCOM ROX MX5000RE",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX MX5000RE"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.1",
"product": {
"name": "RUGGEDCOM ROX RX1400",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX RX1400"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.1",
"product": {
"name": "RUGGEDCOM ROX RX1500",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX RX1500"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.1",
"product": {
"name": "RUGGEDCOM ROX RX1501",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX RX1501"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.1",
"product": {
"name": "RUGGEDCOM ROX RX1510",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX RX1510"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.1",
"product": {
"name": "RUGGEDCOM ROX RX1511",
"product_id": "7"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX RX1511"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.1",
"product": {
"name": "RUGGEDCOM ROX RX1512",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX RX1512"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.1",
"product": {
"name": "RUGGEDCOM ROX RX1524",
"product_id": "9"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX RX1524"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.1",
"product": {
"name": "RUGGEDCOM ROX RX1536",
"product_id": "10"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX RX1536"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:intdot/\u003c2.17.1",
"product": {
"name": "RUGGEDCOM ROX RX5000",
"product_id": "11"
}
}
],
"category": "product_name",
"name": "RUGGEDCOM ROX RX5000"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13103",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2019-13103"
},
{
"cve": "CVE-2019-13104",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2019-13104"
},
{
"cve": "CVE-2019-13106",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2019-13106"
},
{
"cve": "CVE-2019-14192",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2019-14192"
},
{
"cve": "CVE-2019-14193",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the \"if\" block after calculating the new path length.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2019-14193"
},
{
"cve": "CVE-2019-14194",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2019-14194"
},
{
"cve": "CVE-2019-14195",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the \"else\" block after calculating the new path length.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2019-14195"
},
{
"cve": "CVE-2019-14196",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2019-14196"
},
{
"cve": "CVE-2019-14197",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2019-14197"
},
{
"cve": "CVE-2019-14198",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2019-14198"
},
{
"cve": "CVE-2019-14199",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2019-14199"
},
{
"cve": "CVE-2019-14200",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2019-14200"
},
{
"cve": "CVE-2019-14201",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2019-14201"
},
{
"cve": "CVE-2019-14202",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2019-14202"
},
{
"cve": "CVE-2019-14203",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2019-14203"
},
{
"cve": "CVE-2019-14204",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2019-14204"
},
{
"cve": "CVE-2020-10648",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2020-10648"
},
{
"cve": "CVE-2022-2347",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, if a physical attacker crafts a USB DFU download setup packet with a `wLength` greater than 4096 bytes, they can write beyond the heap-allocated request buffer.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-2347"
},
{
"cve": "CVE-2022-30552",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Das U-Boot 2022.01 has a Buffer Overflow.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-30552"
},
{
"cve": "CVE-2022-30790",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-30790"
},
{
"cve": "CVE-2022-34835",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the \"i2c md\" command enables the corruption of the return address pointer of the do_i2c_md function.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2022-34835"
},
{
"cve": "CVE-2023-3019",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2023-3019"
},
{
"cve": "CVE-2023-27043",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"notes": [
{
"category": "summary",
"text": "The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2023-27043"
},
{
"cve": "CVE-2024-3447",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s-\u003edata_count` and the size of `s-\u003efifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2024-3447"
},
{
"cve": "CVE-2024-22365",
"cwe": {
"id": "CWE-664",
"name": "Improper Control of a Resource Through its Lifetime"
},
"notes": [
{
"category": "summary",
"text": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2024-22365"
},
{
"cve": "CVE-2024-57256",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2024-57256"
},
{
"cve": "CVE-2024-57258",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2024-57258"
},
{
"cve": "CVE-2025-0395",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"notes": [
{
"category": "summary",
"text": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2025-0395"
},
{
"cve": "CVE-2025-3576",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2025-3576"
},
{
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2025-6020"
},
{
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "summary",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2025-7425"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "summary",
"text": "Uncontrolled recursion in\u00a0XPath evaluation\u00a0in libxml2 up to and including version 2.9.14 allows a local attacker to cause a stack overflow via crafted expressions. XPath processing functions `xmlXPathRunEval`, `xmlXPathCtxtCompile`, and `xmlXPathEvalExpr` were resetting recursion depth to zero before making potentially recursive calls. When such functions were called recursively this could allow for uncontrolled recursion and lead to a stack overflow. These functions now preserve recursion depth across recursive calls, allowing recursion depth to be controlled.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2025-9714"
},
{
"cve": "CVE-2025-46836",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2025-46836"
},
{
"cve": "CVE-2025-49794",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program\u0027s crash using libxml or other possible undefined behaviors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2025-49794"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to V2.17.1 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/110002017/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11"
]
}
],
"title": "CVE-2025-49796"
}
]
}
SUSE-SU-2020:3255-1
Vulnerability from csaf_suse - Published: 2020-11-09 10:09 - Updated: 2020-11-09 10:09Summary
Security update for u-boot
Severity
Important
Notes
Title of the patch: Security update for u-boot
Description of the patch: This update for u-boot fixes the following issues:
CVE-2019-14192 (bsc#1143777), CVE-2019-14193 (bsc#1143817),
CVE-2019-14199 (bsc#1143824), CVE-2019-14197 (bsc#1143821),
CVE-2019-14200 (bsc#1143825), CVE-2019-14201 (bsc#1143827),
CVE-2019-14202 (bsc#1143828), CVE-2019-14203 (bsc#1143830),
CVE-2019-14204 (bsc#1143831), CVE-2019-14194 (bsc#1143818),
CVE-2019-14198 (bsc#1143823), CVE-2019-14195 (bsc#1143819),
CVE-2019-14196 (bsc#1143820), CVE-2019-13103 (bsc#1143463),
CVE-2020-8432 (bsc#1162198), CVE-2019-11059 (bsc#1134853),
CVE-2019-11690 (bsc#1134157) and CVE-2020-10648 (bsc#1167209).
Fix USB keyboard problems (bsc#1160566).
Patchnames: SUSE-2020-3255,SUSE-SLE-SERVER-12-SP5-2020-3255
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
low
4.7 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
important
References
78 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for u-boot",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for u-boot fixes the following issues:\n\nCVE-2019-14192 (bsc#1143777), CVE-2019-14193 (bsc#1143817), \nCVE-2019-14199 (bsc#1143824), CVE-2019-14197 (bsc#1143821), \nCVE-2019-14200 (bsc#1143825), CVE-2019-14201 (bsc#1143827), \nCVE-2019-14202 (bsc#1143828), CVE-2019-14203 (bsc#1143830), \nCVE-2019-14204 (bsc#1143831), CVE-2019-14194 (bsc#1143818), \nCVE-2019-14198 (bsc#1143823), CVE-2019-14195 (bsc#1143819), \nCVE-2019-14196 (bsc#1143820), CVE-2019-13103 (bsc#1143463), \nCVE-2020-8432 (bsc#1162198), CVE-2019-11059 (bsc#1134853), \nCVE-2019-11690 (bsc#1134157) and CVE-2020-10648 (bsc#1167209).\n\nFix USB keyboard problems (bsc#1160566).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3255,SUSE-SLE-SERVER-12-SP5-2020-3255",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3255-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3255-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203255-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3255-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007734.html"
},
{
"category": "self",
"summary": "SUSE Bug 1134157",
"url": "https://bugzilla.suse.com/1134157"
},
{
"category": "self",
"summary": "SUSE Bug 1134853",
"url": "https://bugzilla.suse.com/1134853"
},
{
"category": "self",
"summary": "SUSE Bug 1143463",
"url": "https://bugzilla.suse.com/1143463"
},
{
"category": "self",
"summary": "SUSE Bug 1143777",
"url": "https://bugzilla.suse.com/1143777"
},
{
"category": "self",
"summary": "SUSE Bug 1143817",
"url": "https://bugzilla.suse.com/1143817"
},
{
"category": "self",
"summary": "SUSE Bug 1143818",
"url": "https://bugzilla.suse.com/1143818"
},
{
"category": "self",
"summary": "SUSE Bug 1143819",
"url": "https://bugzilla.suse.com/1143819"
},
{
"category": "self",
"summary": "SUSE Bug 1143820",
"url": "https://bugzilla.suse.com/1143820"
},
{
"category": "self",
"summary": "SUSE Bug 1143821",
"url": "https://bugzilla.suse.com/1143821"
},
{
"category": "self",
"summary": "SUSE Bug 1143823",
"url": "https://bugzilla.suse.com/1143823"
},
{
"category": "self",
"summary": "SUSE Bug 1143824",
"url": "https://bugzilla.suse.com/1143824"
},
{
"category": "self",
"summary": "SUSE Bug 1143825",
"url": "https://bugzilla.suse.com/1143825"
},
{
"category": "self",
"summary": "SUSE Bug 1143827",
"url": "https://bugzilla.suse.com/1143827"
},
{
"category": "self",
"summary": "SUSE Bug 1143828",
"url": "https://bugzilla.suse.com/1143828"
},
{
"category": "self",
"summary": "SUSE Bug 1143830",
"url": "https://bugzilla.suse.com/1143830"
},
{
"category": "self",
"summary": "SUSE Bug 1143831",
"url": "https://bugzilla.suse.com/1143831"
},
{
"category": "self",
"summary": "SUSE Bug 1160566",
"url": "https://bugzilla.suse.com/1160566"
},
{
"category": "self",
"summary": "SUSE Bug 1162198",
"url": "https://bugzilla.suse.com/1162198"
},
{
"category": "self",
"summary": "SUSE Bug 1167209",
"url": "https://bugzilla.suse.com/1167209"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11059 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11690 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13103 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14192 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14193 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14194 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14195 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14196 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14197 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14198 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14199 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14199/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14200 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14201 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14202 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14203 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14203/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14204 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10648 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8432 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8432/"
}
],
"title": "Security update for u-boot",
"tracking": {
"current_release_date": "2020-11-09T10:09:12Z",
"generator": {
"date": "2020-11-09T10:09:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3255-1",
"initial_release_date": "2020-11-09T10:09:12Z",
"revision_history": [
{
"date": "2020-11-09T10:09:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "u-boot-bananapim64-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-bananapim64-2019.01-5.3.1.aarch64",
"product_id": "u-boot-bananapim64-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-bananapim64-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-bananapim64-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-bananapim64-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-dragonboard410c-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-dragonboard410c-2019.01-5.3.1.aarch64",
"product_id": "u-boot-dragonboard410c-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-dragonboard410c-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-dragonboard410c-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-dragonboard410c-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-dragonboard820c-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-dragonboard820c-2019.01-5.3.1.aarch64",
"product_id": "u-boot-dragonboard820c-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-dragonboard820c-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-dragonboard820c-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-dragonboard820c-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-evb-rk3399-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-evb-rk3399-2019.01-5.3.1.aarch64",
"product_id": "u-boot-evb-rk3399-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-evb-rk3399-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-evb-rk3399-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-evb-rk3399-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-firefly-rk3399-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-firefly-rk3399-2019.01-5.3.1.aarch64",
"product_id": "u-boot-firefly-rk3399-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-firefly-rk3399-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-firefly-rk3399-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-firefly-rk3399-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-geekbox-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-geekbox-2019.01-5.3.1.aarch64",
"product_id": "u-boot-geekbox-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-geekbox-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-geekbox-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-geekbox-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-hikey-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-hikey-2019.01-5.3.1.aarch64",
"product_id": "u-boot-hikey-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-hikey-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-hikey-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-hikey-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-khadas-vim-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-khadas-vim-2019.01-5.3.1.aarch64",
"product_id": "u-boot-khadas-vim-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-khadas-vim-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-khadas-vim-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-khadas-vim-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-khadas-vim2-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-khadas-vim2-2019.01-5.3.1.aarch64",
"product_id": "u-boot-khadas-vim2-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-khadas-vim2-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-khadas-vim2-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-khadas-vim2-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-ls1012afrdmqspi-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-ls1012afrdmqspi-2019.01-5.3.1.aarch64",
"product_id": "u-boot-ls1012afrdmqspi-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-ls1012afrdmqspi-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-ls1012afrdmqspi-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-ls1012afrdmqspi-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebudb-88f3720-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-mvebudb-88f3720-2019.01-5.3.1.aarch64",
"product_id": "u-boot-mvebudb-88f3720-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebudb-88f3720-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-mvebudb-88f3720-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-mvebudb-88f3720-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebudbarmada8k-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-mvebudbarmada8k-2019.01-5.3.1.aarch64",
"product_id": "u-boot-mvebudbarmada8k-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebudbarmada8k-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-mvebudbarmada8k-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-mvebudbarmada8k-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebuespressobin-88f3720-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-mvebuespressobin-88f3720-2019.01-5.3.1.aarch64",
"product_id": "u-boot-mvebuespressobin-88f3720-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebuespressobin-88f3720-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-mvebuespressobin-88f3720-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-mvebuespressobin-88f3720-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebumcbin-88f8040-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-mvebumcbin-88f8040-2019.01-5.3.1.aarch64",
"product_id": "u-boot-mvebumcbin-88f8040-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebumcbin-88f8040-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-mvebumcbin-88f8040-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-mvebumcbin-88f8040-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-nanopia64-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-nanopia64-2019.01-5.3.1.aarch64",
"product_id": "u-boot-nanopia64-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-nanopia64-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-nanopia64-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-nanopia64-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-odroid-c2-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-odroid-c2-2019.01-5.3.1.aarch64",
"product_id": "u-boot-odroid-c2-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-odroid-c2-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-odroid-c2-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-odroid-c2-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-orangepipc2-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-orangepipc2-2019.01-5.3.1.aarch64",
"product_id": "u-boot-orangepipc2-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-orangepipc2-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-orangepipc2-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-orangepipc2-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-p2371-2180-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-p2371-2180-2019.01-5.3.1.aarch64",
"product_id": "u-boot-p2371-2180-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-p2371-2180-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-p2371-2180-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-p2371-2180-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-p2771-0000-500-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-p2771-0000-500-2019.01-5.3.1.aarch64",
"product_id": "u-boot-p2771-0000-500-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-p2771-0000-500-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-p2771-0000-500-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-p2771-0000-500-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-pine64plus-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-pine64plus-2019.01-5.3.1.aarch64",
"product_id": "u-boot-pine64plus-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-pine64plus-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-pine64plus-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-pine64plus-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-pinebook-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-pinebook-2019.01-5.3.1.aarch64",
"product_id": "u-boot-pinebook-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-pinebook-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-pinebook-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-pinebook-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-pineh64-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-pineh64-2019.01-5.3.1.aarch64",
"product_id": "u-boot-pineh64-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-pineh64-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-pineh64-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-pineh64-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-poplar-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-poplar-2019.01-5.3.1.aarch64",
"product_id": "u-boot-poplar-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-poplar-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-poplar-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-poplar-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-rock960-rk3399-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-rock960-rk3399-2019.01-5.3.1.aarch64",
"product_id": "u-boot-rock960-rk3399-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-rock960-rk3399-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-rock960-rk3399-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-rock960-rk3399-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-rpi3-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-rpi3-2019.01-5.3.1.aarch64",
"product_id": "u-boot-rpi3-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-rpi3-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-rpi3-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-rpi3-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-tools-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-tools-2019.01-5.3.1.aarch64",
"product_id": "u-boot-tools-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-xilinxzynqmpgeneric-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-xilinxzynqmpgeneric-2019.01-5.3.1.aarch64",
"product_id": "u-boot-xilinxzynqmpgeneric-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-xilinxzynqmpgeneric-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-xilinxzynqmpgeneric-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-xilinxzynqmpgeneric-doc-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-xilinxzynqmpzcu102rev10-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-xilinxzynqmpzcu102rev10-2019.01-5.3.1.aarch64",
"product_id": "u-boot-xilinxzynqmpzcu102rev10-2019.01-5.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-xilinxzynqmpzcu102rev10-doc-2019.01-5.3.1.aarch64",
"product": {
"name": "u-boot-xilinxzynqmpzcu102rev10-doc-2019.01-5.3.1.aarch64",
"product_id": "u-boot-xilinxzynqmpzcu102rev10-doc-2019.01-5.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2019.01-5.3.1.i586",
"product": {
"name": "u-boot-tools-2019.01-5.3.1.i586",
"product_id": "u-boot-tools-2019.01-5.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2019.01-5.3.1.ppc64le",
"product": {
"name": "u-boot-tools-2019.01-5.3.1.ppc64le",
"product_id": "u-boot-tools-2019.01-5.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2019.01-5.3.1.s390x",
"product": {
"name": "u-boot-tools-2019.01-5.3.1.s390x",
"product_id": "u-boot-tools-2019.01-5.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2019.01-5.3.1.x86_64",
"product": {
"name": "u-boot-tools-2019.01-5.3.1.x86_64",
"product_id": "u-boot-tools-2019.01-5.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-rpi3-2019.01-5.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64"
},
"product_reference": "u-boot-rpi3-2019.01-5.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-tools-2019.01-5.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
},
"product_reference": "u-boot-tools-2019.01-5.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-rpi3-2019.01-5.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64"
},
"product_reference": "u-boot-rpi3-2019.01-5.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-tools-2019.01-5.3.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
},
"product_reference": "u-boot-tools-2019.01-5.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11059"
}
],
"notes": [
{
"category": "general",
"text": "Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11059",
"url": "https://www.suse.com/security/cve/CVE-2019-11059"
},
{
"category": "external",
"summary": "SUSE Bug 1134853 for CVE-2019-11059",
"url": "https://bugzilla.suse.com/1134853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:09:12Z",
"details": "low"
}
],
"title": "CVE-2019-11059"
},
{
"cve": "CVE-2019-11690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11690"
}
],
"notes": [
{
"category": "general",
"text": "gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11690",
"url": "https://www.suse.com/security/cve/CVE-2019-11690"
},
{
"category": "external",
"summary": "SUSE Bug 1134157 for CVE-2019-11690",
"url": "https://bugzilla.suse.com/1134157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:09:12Z",
"details": "low"
}
],
"title": "CVE-2019-11690"
},
{
"cve": "CVE-2019-13103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13103"
}
],
"notes": [
{
"category": "general",
"text": "A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13103",
"url": "https://www.suse.com/security/cve/CVE-2019-13103"
},
{
"category": "external",
"summary": "SUSE Bug 1143463 for CVE-2019-13103",
"url": "https://bugzilla.suse.com/1143463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:09:12Z",
"details": "moderate"
}
],
"title": "CVE-2019-13103"
},
{
"cve": "CVE-2019-14192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14192"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14192",
"url": "https://www.suse.com/security/cve/CVE-2019-14192"
},
{
"category": "external",
"summary": "SUSE Bug 1143777 for CVE-2019-14192",
"url": "https://bugzilla.suse.com/1143777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:09:12Z",
"details": "moderate"
}
],
"title": "CVE-2019-14192"
},
{
"cve": "CVE-2019-14193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14193"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the \"if\" block after calculating the new path length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14193",
"url": "https://www.suse.com/security/cve/CVE-2019-14193"
},
{
"category": "external",
"summary": "SUSE Bug 1143817 for CVE-2019-14193",
"url": "https://bugzilla.suse.com/1143817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:09:12Z",
"details": "moderate"
}
],
"title": "CVE-2019-14193"
},
{
"cve": "CVE-2019-14194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14194"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14194",
"url": "https://www.suse.com/security/cve/CVE-2019-14194"
},
{
"category": "external",
"summary": "SUSE Bug 1143818 for CVE-2019-14194",
"url": "https://bugzilla.suse.com/1143818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:09:12Z",
"details": "moderate"
}
],
"title": "CVE-2019-14194"
},
{
"cve": "CVE-2019-14195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14195"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the \"else\" block after calculating the new path length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14195",
"url": "https://www.suse.com/security/cve/CVE-2019-14195"
},
{
"category": "external",
"summary": "SUSE Bug 1143819 for CVE-2019-14195",
"url": "https://bugzilla.suse.com/1143819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:09:12Z",
"details": "moderate"
}
],
"title": "CVE-2019-14195"
},
{
"cve": "CVE-2019-14196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14196"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14196",
"url": "https://www.suse.com/security/cve/CVE-2019-14196"
},
{
"category": "external",
"summary": "SUSE Bug 1143820 for CVE-2019-14196",
"url": "https://bugzilla.suse.com/1143820"
},
{
"category": "external",
"summary": "SUSE Bug 1199623 for CVE-2019-14196",
"url": "https://bugzilla.suse.com/1199623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:09:12Z",
"details": "moderate"
}
],
"title": "CVE-2019-14196"
},
{
"cve": "CVE-2019-14197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14197"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14197",
"url": "https://www.suse.com/security/cve/CVE-2019-14197"
},
{
"category": "external",
"summary": "SUSE Bug 1143821 for CVE-2019-14197",
"url": "https://bugzilla.suse.com/1143821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:09:12Z",
"details": "moderate"
}
],
"title": "CVE-2019-14197"
},
{
"cve": "CVE-2019-14198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14198"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14198",
"url": "https://www.suse.com/security/cve/CVE-2019-14198"
},
{
"category": "external",
"summary": "SUSE Bug 1143823 for CVE-2019-14198",
"url": "https://bugzilla.suse.com/1143823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:09:12Z",
"details": "moderate"
}
],
"title": "CVE-2019-14198"
},
{
"cve": "CVE-2019-14199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14199"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14199",
"url": "https://www.suse.com/security/cve/CVE-2019-14199"
},
{
"category": "external",
"summary": "SUSE Bug 1143824 for CVE-2019-14199",
"url": "https://bugzilla.suse.com/1143824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:09:12Z",
"details": "moderate"
}
],
"title": "CVE-2019-14199"
},
{
"cve": "CVE-2019-14200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14200"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14200",
"url": "https://www.suse.com/security/cve/CVE-2019-14200"
},
{
"category": "external",
"summary": "SUSE Bug 1143825 for CVE-2019-14200",
"url": "https://bugzilla.suse.com/1143825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:09:12Z",
"details": "moderate"
}
],
"title": "CVE-2019-14200"
},
{
"cve": "CVE-2019-14201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14201"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14201",
"url": "https://www.suse.com/security/cve/CVE-2019-14201"
},
{
"category": "external",
"summary": "SUSE Bug 1143827 for CVE-2019-14201",
"url": "https://bugzilla.suse.com/1143827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:09:12Z",
"details": "moderate"
}
],
"title": "CVE-2019-14201"
},
{
"cve": "CVE-2019-14202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14202"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14202",
"url": "https://www.suse.com/security/cve/CVE-2019-14202"
},
{
"category": "external",
"summary": "SUSE Bug 1143828 for CVE-2019-14202",
"url": "https://bugzilla.suse.com/1143828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:09:12Z",
"details": "moderate"
}
],
"title": "CVE-2019-14202"
},
{
"cve": "CVE-2019-14203",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14203"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14203",
"url": "https://www.suse.com/security/cve/CVE-2019-14203"
},
{
"category": "external",
"summary": "SUSE Bug 1143830 for CVE-2019-14203",
"url": "https://bugzilla.suse.com/1143830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:09:12Z",
"details": "moderate"
}
],
"title": "CVE-2019-14203"
},
{
"cve": "CVE-2019-14204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14204"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14204",
"url": "https://www.suse.com/security/cve/CVE-2019-14204"
},
{
"category": "external",
"summary": "SUSE Bug 1143831 for CVE-2019-14204",
"url": "https://bugzilla.suse.com/1143831"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:09:12Z",
"details": "moderate"
}
],
"title": "CVE-2019-14204"
},
{
"cve": "CVE-2020-10648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10648"
}
],
"notes": [
{
"category": "general",
"text": "Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10648",
"url": "https://www.suse.com/security/cve/CVE-2020-10648"
},
{
"category": "external",
"summary": "SUSE Bug 1167209 for CVE-2020-10648",
"url": "https://bugzilla.suse.com/1167209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:09:12Z",
"details": "moderate"
}
],
"title": "CVE-2020-10648"
},
{
"cve": "CVE-2020-8432",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8432"
}
],
"notes": [
{
"category": "general",
"text": "In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8432",
"url": "https://www.suse.com/security/cve/CVE-2020-8432"
},
{
"category": "external",
"summary": "SUSE Bug 1162198 for CVE-2020-8432",
"url": "https://bugzilla.suse.com/1162198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-rpi3-2019.01-5.3.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:u-boot-tools-2019.01-5.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:09:12Z",
"details": "important"
}
],
"title": "CVE-2020-8432"
}
]
}
SUSE-SU-2020:3256-1
Vulnerability from csaf_suse - Published: 2020-11-09 10:12 - Updated: 2020-11-09 10:12Summary
Security update for u-boot
Severity
Important
Notes
Title of the patch: Security update for u-boot
Description of the patch: This update for u-boot fixes the following issues:
Fix CVE-2019-13106 (bsc#1144656), CVE-2019-13104 (bsc#1144675),
CVE-2019-14192 (bsc#1143777), CVE-2019-14193 (bsc#1143817),
CVE-2019-14199 (bsc#1143824), CVE-2019-14197 (bsc#1143821),
CVE-2019-14200 (bsc#1143825), CVE-2019-14201 (bsc#1143827),
CVE-2019-14202 (bsc#1143828), CVE-2019-14203 (bsc#1143830),
CVE-2019-14204 (bsc#1143831), CVE-2019-14194 (bsc#1143818),
CVE-2019-14198 (bsc#1143823), CVE-2019-14195 (bsc#1143819),
CVE-2019-14196 (bsc#1143820), CVE-2019-13103 (bsc#1143463),
CVE-2020-8432 (bsc#1162198), CVE-2019-11059 (bsc#1134853),
CVE-2019-11690 (bsc#1134157) and CVE-2020-10648 (bsc#1167209)
Patchnames: SUSE-2020-3256,SUSE-SLE-SERVER-12-SP4-LTSS-2020-3256
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.1 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
low
4.7 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
important
References
85 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for u-boot",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for u-boot fixes the following issues:\n\nFix CVE-2019-13106 (bsc#1144656), CVE-2019-13104 (bsc#1144675),\nCVE-2019-14192 (bsc#1143777), CVE-2019-14193 (bsc#1143817),\nCVE-2019-14199 (bsc#1143824), CVE-2019-14197 (bsc#1143821),\nCVE-2019-14200 (bsc#1143825), CVE-2019-14201 (bsc#1143827), \nCVE-2019-14202 (bsc#1143828), CVE-2019-14203 (bsc#1143830),\nCVE-2019-14204 (bsc#1143831), CVE-2019-14194 (bsc#1143818),\nCVE-2019-14198 (bsc#1143823), CVE-2019-14195 (bsc#1143819),\nCVE-2019-14196 (bsc#1143820), CVE-2019-13103 (bsc#1143463),\nCVE-2020-8432 (bsc#1162198), CVE-2019-11059 (bsc#1134853),\nCVE-2019-11690 (bsc#1134157) and CVE-2020-10648 (bsc#1167209)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3256,SUSE-SLE-SERVER-12-SP4-LTSS-2020-3256",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3256-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3256-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203256-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3256-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007732.html"
},
{
"category": "self",
"summary": "SUSE Bug 1134157",
"url": "https://bugzilla.suse.com/1134157"
},
{
"category": "self",
"summary": "SUSE Bug 1134853",
"url": "https://bugzilla.suse.com/1134853"
},
{
"category": "self",
"summary": "SUSE Bug 1143463",
"url": "https://bugzilla.suse.com/1143463"
},
{
"category": "self",
"summary": "SUSE Bug 1143777",
"url": "https://bugzilla.suse.com/1143777"
},
{
"category": "self",
"summary": "SUSE Bug 1143817",
"url": "https://bugzilla.suse.com/1143817"
},
{
"category": "self",
"summary": "SUSE Bug 1143818",
"url": "https://bugzilla.suse.com/1143818"
},
{
"category": "self",
"summary": "SUSE Bug 1143819",
"url": "https://bugzilla.suse.com/1143819"
},
{
"category": "self",
"summary": "SUSE Bug 1143820",
"url": "https://bugzilla.suse.com/1143820"
},
{
"category": "self",
"summary": "SUSE Bug 1143821",
"url": "https://bugzilla.suse.com/1143821"
},
{
"category": "self",
"summary": "SUSE Bug 1143823",
"url": "https://bugzilla.suse.com/1143823"
},
{
"category": "self",
"summary": "SUSE Bug 1143824",
"url": "https://bugzilla.suse.com/1143824"
},
{
"category": "self",
"summary": "SUSE Bug 1143825",
"url": "https://bugzilla.suse.com/1143825"
},
{
"category": "self",
"summary": "SUSE Bug 1143827",
"url": "https://bugzilla.suse.com/1143827"
},
{
"category": "self",
"summary": "SUSE Bug 1143828",
"url": "https://bugzilla.suse.com/1143828"
},
{
"category": "self",
"summary": "SUSE Bug 1143830",
"url": "https://bugzilla.suse.com/1143830"
},
{
"category": "self",
"summary": "SUSE Bug 1143831",
"url": "https://bugzilla.suse.com/1143831"
},
{
"category": "self",
"summary": "SUSE Bug 1144656",
"url": "https://bugzilla.suse.com/1144656"
},
{
"category": "self",
"summary": "SUSE Bug 1144675",
"url": "https://bugzilla.suse.com/1144675"
},
{
"category": "self",
"summary": "SUSE Bug 1162198",
"url": "https://bugzilla.suse.com/1162198"
},
{
"category": "self",
"summary": "SUSE Bug 1167209",
"url": "https://bugzilla.suse.com/1167209"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11059 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11690 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13103 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13104 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13104/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13106 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13106/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14192 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14193 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14194 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14195 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14196 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14197 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14198 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14199 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14199/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14200 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14201 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14202 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14203 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14203/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14204 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10648 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8432 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8432/"
}
],
"title": "Security update for u-boot",
"tracking": {
"current_release_date": "2020-11-09T10:12:31Z",
"generator": {
"date": "2020-11-09T10:12:31Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3256-1",
"initial_release_date": "2020-11-09T10:12:31Z",
"revision_history": [
{
"date": "2020-11-09T10:12:31Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "u-boot-dragonboard410c-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-dragonboard410c-2018.03-4.3.1.aarch64",
"product_id": "u-boot-dragonboard410c-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-dragonboard410c-doc-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-dragonboard410c-doc-2018.03-4.3.1.aarch64",
"product_id": "u-boot-dragonboard410c-doc-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-evb-rk3399-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-evb-rk3399-2018.03-4.3.1.aarch64",
"product_id": "u-boot-evb-rk3399-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-evb-rk3399-doc-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-evb-rk3399-doc-2018.03-4.3.1.aarch64",
"product_id": "u-boot-evb-rk3399-doc-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-firefly-rk3399-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-firefly-rk3399-2018.03-4.3.1.aarch64",
"product_id": "u-boot-firefly-rk3399-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-firefly-rk3399-doc-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-firefly-rk3399-doc-2018.03-4.3.1.aarch64",
"product_id": "u-boot-firefly-rk3399-doc-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-geekbox-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-geekbox-2018.03-4.3.1.aarch64",
"product_id": "u-boot-geekbox-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-geekbox-doc-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-geekbox-doc-2018.03-4.3.1.aarch64",
"product_id": "u-boot-geekbox-doc-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-hikey-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-hikey-2018.03-4.3.1.aarch64",
"product_id": "u-boot-hikey-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-hikey-doc-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-hikey-doc-2018.03-4.3.1.aarch64",
"product_id": "u-boot-hikey-doc-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-ls1012afrdmqspi-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-ls1012afrdmqspi-2018.03-4.3.1.aarch64",
"product_id": "u-boot-ls1012afrdmqspi-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-ls1012afrdmqspi-doc-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-ls1012afrdmqspi-doc-2018.03-4.3.1.aarch64",
"product_id": "u-boot-ls1012afrdmqspi-doc-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebudb-88f3720-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-mvebudb-88f3720-2018.03-4.3.1.aarch64",
"product_id": "u-boot-mvebudb-88f3720-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebudb-88f3720-doc-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-mvebudb-88f3720-doc-2018.03-4.3.1.aarch64",
"product_id": "u-boot-mvebudb-88f3720-doc-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebudbarmada8k-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-mvebudbarmada8k-2018.03-4.3.1.aarch64",
"product_id": "u-boot-mvebudbarmada8k-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebudbarmada8k-doc-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-mvebudbarmada8k-doc-2018.03-4.3.1.aarch64",
"product_id": "u-boot-mvebudbarmada8k-doc-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebuespressobin-88f3720-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-mvebuespressobin-88f3720-2018.03-4.3.1.aarch64",
"product_id": "u-boot-mvebuespressobin-88f3720-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebuespressobin-88f3720-doc-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-mvebuespressobin-88f3720-doc-2018.03-4.3.1.aarch64",
"product_id": "u-boot-mvebuespressobin-88f3720-doc-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebumcbin-88f8040-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-mvebumcbin-88f8040-2018.03-4.3.1.aarch64",
"product_id": "u-boot-mvebumcbin-88f8040-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebumcbin-88f8040-doc-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-mvebumcbin-88f8040-doc-2018.03-4.3.1.aarch64",
"product_id": "u-boot-mvebumcbin-88f8040-doc-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-nanopia64-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-nanopia64-2018.03-4.3.1.aarch64",
"product_id": "u-boot-nanopia64-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-nanopia64-doc-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-nanopia64-doc-2018.03-4.3.1.aarch64",
"product_id": "u-boot-nanopia64-doc-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-odroid-c2-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-odroid-c2-2018.03-4.3.1.aarch64",
"product_id": "u-boot-odroid-c2-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-odroid-c2-doc-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-odroid-c2-doc-2018.03-4.3.1.aarch64",
"product_id": "u-boot-odroid-c2-doc-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-orangepipc2-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-orangepipc2-2018.03-4.3.1.aarch64",
"product_id": "u-boot-orangepipc2-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-orangepipc2-doc-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-orangepipc2-doc-2018.03-4.3.1.aarch64",
"product_id": "u-boot-orangepipc2-doc-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-p2371-2180-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-p2371-2180-2018.03-4.3.1.aarch64",
"product_id": "u-boot-p2371-2180-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-p2371-2180-doc-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-p2371-2180-doc-2018.03-4.3.1.aarch64",
"product_id": "u-boot-p2371-2180-doc-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-pine64plus-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-pine64plus-2018.03-4.3.1.aarch64",
"product_id": "u-boot-pine64plus-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-pine64plus-doc-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-pine64plus-doc-2018.03-4.3.1.aarch64",
"product_id": "u-boot-pine64plus-doc-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-rpi3-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-rpi3-2018.03-4.3.1.aarch64",
"product_id": "u-boot-rpi3-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-rpi3-doc-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-rpi3-doc-2018.03-4.3.1.aarch64",
"product_id": "u-boot-rpi3-doc-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-tools-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-tools-2018.03-4.3.1.aarch64",
"product_id": "u-boot-tools-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-xilinxzynqmpzcu102rev10-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-xilinxzynqmpzcu102rev10-2018.03-4.3.1.aarch64",
"product_id": "u-boot-xilinxzynqmpzcu102rev10-2018.03-4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-xilinxzynqmpzcu102rev10-doc-2018.03-4.3.1.aarch64",
"product": {
"name": "u-boot-xilinxzynqmpzcu102rev10-doc-2018.03-4.3.1.aarch64",
"product_id": "u-boot-xilinxzynqmpzcu102rev10-doc-2018.03-4.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2018.03-4.3.1.i586",
"product": {
"name": "u-boot-tools-2018.03-4.3.1.i586",
"product_id": "u-boot-tools-2018.03-4.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2018.03-4.3.1.ppc64le",
"product": {
"name": "u-boot-tools-2018.03-4.3.1.ppc64le",
"product_id": "u-boot-tools-2018.03-4.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2018.03-4.3.1.s390",
"product": {
"name": "u-boot-tools-2018.03-4.3.1.s390",
"product_id": "u-boot-tools-2018.03-4.3.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2018.03-4.3.1.s390x",
"product": {
"name": "u-boot-tools-2018.03-4.3.1.s390x",
"product_id": "u-boot-tools-2018.03-4.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2018.03-4.3.1.x86_64",
"product": {
"name": "u-boot-tools-2018.03-4.3.1.x86_64",
"product_id": "u-boot-tools-2018.03-4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-rpi3-2018.03-4.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64"
},
"product_reference": "u-boot-rpi3-2018.03-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-tools-2018.03-4.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
},
"product_reference": "u-boot-tools-2018.03-4.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11059"
}
],
"notes": [
{
"category": "general",
"text": "Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11059",
"url": "https://www.suse.com/security/cve/CVE-2019-11059"
},
{
"category": "external",
"summary": "SUSE Bug 1134853 for CVE-2019-11059",
"url": "https://bugzilla.suse.com/1134853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "low"
}
],
"title": "CVE-2019-11059"
},
{
"cve": "CVE-2019-11690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11690"
}
],
"notes": [
{
"category": "general",
"text": "gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11690",
"url": "https://www.suse.com/security/cve/CVE-2019-11690"
},
{
"category": "external",
"summary": "SUSE Bug 1134157 for CVE-2019-11690",
"url": "https://bugzilla.suse.com/1134157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "low"
}
],
"title": "CVE-2019-11690"
},
{
"cve": "CVE-2019-13103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13103"
}
],
"notes": [
{
"category": "general",
"text": "A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13103",
"url": "https://www.suse.com/security/cve/CVE-2019-13103"
},
{
"category": "external",
"summary": "SUSE Bug 1143463 for CVE-2019-13103",
"url": "https://bugzilla.suse.com/1143463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-13103"
},
{
"cve": "CVE-2019-13104",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13104"
}
],
"notes": [
{
"category": "general",
"text": "In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13104",
"url": "https://www.suse.com/security/cve/CVE-2019-13104"
},
{
"category": "external",
"summary": "SUSE Bug 1144675 for CVE-2019-13104",
"url": "https://bugzilla.suse.com/1144675"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-13104"
},
{
"cve": "CVE-2019-13106",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13106"
}
],
"notes": [
{
"category": "general",
"text": "Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13106",
"url": "https://www.suse.com/security/cve/CVE-2019-13106"
},
{
"category": "external",
"summary": "SUSE Bug 1144656 for CVE-2019-13106",
"url": "https://bugzilla.suse.com/1144656"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-13106"
},
{
"cve": "CVE-2019-14192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14192"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14192",
"url": "https://www.suse.com/security/cve/CVE-2019-14192"
},
{
"category": "external",
"summary": "SUSE Bug 1143777 for CVE-2019-14192",
"url": "https://bugzilla.suse.com/1143777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-14192"
},
{
"cve": "CVE-2019-14193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14193"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the \"if\" block after calculating the new path length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14193",
"url": "https://www.suse.com/security/cve/CVE-2019-14193"
},
{
"category": "external",
"summary": "SUSE Bug 1143817 for CVE-2019-14193",
"url": "https://bugzilla.suse.com/1143817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-14193"
},
{
"cve": "CVE-2019-14194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14194"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14194",
"url": "https://www.suse.com/security/cve/CVE-2019-14194"
},
{
"category": "external",
"summary": "SUSE Bug 1143818 for CVE-2019-14194",
"url": "https://bugzilla.suse.com/1143818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-14194"
},
{
"cve": "CVE-2019-14195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14195"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the \"else\" block after calculating the new path length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14195",
"url": "https://www.suse.com/security/cve/CVE-2019-14195"
},
{
"category": "external",
"summary": "SUSE Bug 1143819 for CVE-2019-14195",
"url": "https://bugzilla.suse.com/1143819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-14195"
},
{
"cve": "CVE-2019-14196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14196"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14196",
"url": "https://www.suse.com/security/cve/CVE-2019-14196"
},
{
"category": "external",
"summary": "SUSE Bug 1143820 for CVE-2019-14196",
"url": "https://bugzilla.suse.com/1143820"
},
{
"category": "external",
"summary": "SUSE Bug 1199623 for CVE-2019-14196",
"url": "https://bugzilla.suse.com/1199623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-14196"
},
{
"cve": "CVE-2019-14197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14197"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14197",
"url": "https://www.suse.com/security/cve/CVE-2019-14197"
},
{
"category": "external",
"summary": "SUSE Bug 1143821 for CVE-2019-14197",
"url": "https://bugzilla.suse.com/1143821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-14197"
},
{
"cve": "CVE-2019-14198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14198"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14198",
"url": "https://www.suse.com/security/cve/CVE-2019-14198"
},
{
"category": "external",
"summary": "SUSE Bug 1143823 for CVE-2019-14198",
"url": "https://bugzilla.suse.com/1143823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-14198"
},
{
"cve": "CVE-2019-14199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14199"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14199",
"url": "https://www.suse.com/security/cve/CVE-2019-14199"
},
{
"category": "external",
"summary": "SUSE Bug 1143824 for CVE-2019-14199",
"url": "https://bugzilla.suse.com/1143824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-14199"
},
{
"cve": "CVE-2019-14200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14200"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14200",
"url": "https://www.suse.com/security/cve/CVE-2019-14200"
},
{
"category": "external",
"summary": "SUSE Bug 1143825 for CVE-2019-14200",
"url": "https://bugzilla.suse.com/1143825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-14200"
},
{
"cve": "CVE-2019-14201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14201"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14201",
"url": "https://www.suse.com/security/cve/CVE-2019-14201"
},
{
"category": "external",
"summary": "SUSE Bug 1143827 for CVE-2019-14201",
"url": "https://bugzilla.suse.com/1143827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-14201"
},
{
"cve": "CVE-2019-14202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14202"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14202",
"url": "https://www.suse.com/security/cve/CVE-2019-14202"
},
{
"category": "external",
"summary": "SUSE Bug 1143828 for CVE-2019-14202",
"url": "https://bugzilla.suse.com/1143828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-14202"
},
{
"cve": "CVE-2019-14203",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14203"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14203",
"url": "https://www.suse.com/security/cve/CVE-2019-14203"
},
{
"category": "external",
"summary": "SUSE Bug 1143830 for CVE-2019-14203",
"url": "https://bugzilla.suse.com/1143830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-14203"
},
{
"cve": "CVE-2019-14204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14204"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14204",
"url": "https://www.suse.com/security/cve/CVE-2019-14204"
},
{
"category": "external",
"summary": "SUSE Bug 1143831 for CVE-2019-14204",
"url": "https://bugzilla.suse.com/1143831"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "moderate"
}
],
"title": "CVE-2019-14204"
},
{
"cve": "CVE-2020-10648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10648"
}
],
"notes": [
{
"category": "general",
"text": "Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10648",
"url": "https://www.suse.com/security/cve/CVE-2020-10648"
},
{
"category": "external",
"summary": "SUSE Bug 1167209 for CVE-2020-10648",
"url": "https://bugzilla.suse.com/1167209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "moderate"
}
],
"title": "CVE-2020-10648"
},
{
"cve": "CVE-2020-8432",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8432"
}
],
"notes": [
{
"category": "general",
"text": "In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8432",
"url": "https://www.suse.com/security/cve/CVE-2020-8432"
},
{
"category": "external",
"summary": "SUSE Bug 1162198 for CVE-2020-8432",
"url": "https://bugzilla.suse.com/1162198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-rpi3-2018.03-4.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:u-boot-tools-2018.03-4.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-09T10:12:31Z",
"details": "important"
}
],
"title": "CVE-2020-8432"
}
]
}
SUSE-SU-2020:3282-1
Vulnerability from csaf_suse - Published: 2020-11-11 08:55 - Updated: 2020-11-11 08:55Summary
Security update for u-boot
Severity
Important
Notes
Title of the patch: Security update for u-boot
Description of the patch: This update for u-boot fixes the following issues:
CVE-2019-14192 (bsc#1143777), CVE-2019-14193 (bsc#1143817),
CVE-2019-14199 (bsc#1143824), CVE-2019-14197 (bsc#1143821),
CVE-2019-14200 (bsc#1143825), CVE-2019-14201 (bsc#1143827),
CVE-2019-14202 (bsc#1143828), CVE-2019-14203 (bsc#1143830),
CVE-2019-14204 (bsc#1143831), CVE-2019-14194 (bsc#1143818),
CVE-2019-14198 (bsc#1143823), CVE-2019-14195 (bsc#1143819),
CVE-2019-14196 (bsc#1143820), CVE-2019-13103 (bsc#1143463),
CVE-2020-8432 (bsc#1162198), CVE-2019-11059 (bsc#1134853),
CVE-2019-11690 (bsc#1134157) and CVE-2020-10648 (bsc#1167209)
Patchnames: SUSE-2020-3282,SUSE-SLE-Module-Basesystem-15-SP1-2020-3282
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.1 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
4.7 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
77 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for u-boot",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for u-boot fixes the following issues:\n\nCVE-2019-14192 (bsc#1143777), CVE-2019-14193 (bsc#1143817),\nCVE-2019-14199 (bsc#1143824), CVE-2019-14197 (bsc#1143821),\nCVE-2019-14200 (bsc#1143825), CVE-2019-14201 (bsc#1143827), \nCVE-2019-14202 (bsc#1143828), CVE-2019-14203 (bsc#1143830),\nCVE-2019-14204 (bsc#1143831), CVE-2019-14194 (bsc#1143818),\nCVE-2019-14198 (bsc#1143823), CVE-2019-14195 (bsc#1143819),\nCVE-2019-14196 (bsc#1143820), CVE-2019-13103 (bsc#1143463),\nCVE-2020-8432 (bsc#1162198), CVE-2019-11059 (bsc#1134853),\nCVE-2019-11690 (bsc#1134157) and CVE-2020-10648 (bsc#1167209)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3282,SUSE-SLE-Module-Basesystem-15-SP1-2020-3282",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3282-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3282-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203282-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3282-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007758.html"
},
{
"category": "self",
"summary": "SUSE Bug 1134157",
"url": "https://bugzilla.suse.com/1134157"
},
{
"category": "self",
"summary": "SUSE Bug 1134853",
"url": "https://bugzilla.suse.com/1134853"
},
{
"category": "self",
"summary": "SUSE Bug 1143463",
"url": "https://bugzilla.suse.com/1143463"
},
{
"category": "self",
"summary": "SUSE Bug 1143777",
"url": "https://bugzilla.suse.com/1143777"
},
{
"category": "self",
"summary": "SUSE Bug 1143817",
"url": "https://bugzilla.suse.com/1143817"
},
{
"category": "self",
"summary": "SUSE Bug 1143818",
"url": "https://bugzilla.suse.com/1143818"
},
{
"category": "self",
"summary": "SUSE Bug 1143819",
"url": "https://bugzilla.suse.com/1143819"
},
{
"category": "self",
"summary": "SUSE Bug 1143820",
"url": "https://bugzilla.suse.com/1143820"
},
{
"category": "self",
"summary": "SUSE Bug 1143821",
"url": "https://bugzilla.suse.com/1143821"
},
{
"category": "self",
"summary": "SUSE Bug 1143823",
"url": "https://bugzilla.suse.com/1143823"
},
{
"category": "self",
"summary": "SUSE Bug 1143824",
"url": "https://bugzilla.suse.com/1143824"
},
{
"category": "self",
"summary": "SUSE Bug 1143825",
"url": "https://bugzilla.suse.com/1143825"
},
{
"category": "self",
"summary": "SUSE Bug 1143827",
"url": "https://bugzilla.suse.com/1143827"
},
{
"category": "self",
"summary": "SUSE Bug 1143828",
"url": "https://bugzilla.suse.com/1143828"
},
{
"category": "self",
"summary": "SUSE Bug 1143830",
"url": "https://bugzilla.suse.com/1143830"
},
{
"category": "self",
"summary": "SUSE Bug 1143831",
"url": "https://bugzilla.suse.com/1143831"
},
{
"category": "self",
"summary": "SUSE Bug 1162198",
"url": "https://bugzilla.suse.com/1162198"
},
{
"category": "self",
"summary": "SUSE Bug 1167209",
"url": "https://bugzilla.suse.com/1167209"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11059 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11690 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13103 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14192 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14193 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14194 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14195 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14196 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14197 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14198 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14199 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14199/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14200 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14201 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14202 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14203 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14203/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14204 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10648 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8432 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8432/"
}
],
"title": "Security update for u-boot",
"tracking": {
"current_release_date": "2020-11-11T08:55:32Z",
"generator": {
"date": "2020-11-11T08:55:32Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3282-1",
"initial_release_date": "2020-11-11T08:55:32Z",
"revision_history": [
{
"date": "2020-11-11T08:55:32Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "u-boot-bananapim64-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-bananapim64-2019.01-7.10.2.aarch64",
"product_id": "u-boot-bananapim64-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-bananapim64-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-bananapim64-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-bananapim64-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-dragonboard410c-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-dragonboard410c-2019.01-7.10.2.aarch64",
"product_id": "u-boot-dragonboard410c-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-dragonboard410c-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-dragonboard410c-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-dragonboard410c-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-dragonboard820c-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-dragonboard820c-2019.01-7.10.2.aarch64",
"product_id": "u-boot-dragonboard820c-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-dragonboard820c-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-dragonboard820c-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-dragonboard820c-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-evb-rk3399-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-evb-rk3399-2019.01-7.10.2.aarch64",
"product_id": "u-boot-evb-rk3399-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-evb-rk3399-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-evb-rk3399-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-evb-rk3399-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-firefly-rk3399-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-firefly-rk3399-2019.01-7.10.2.aarch64",
"product_id": "u-boot-firefly-rk3399-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-firefly-rk3399-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-firefly-rk3399-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-firefly-rk3399-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-geekbox-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-geekbox-2019.01-7.10.2.aarch64",
"product_id": "u-boot-geekbox-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-geekbox-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-geekbox-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-geekbox-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-hikey-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-hikey-2019.01-7.10.2.aarch64",
"product_id": "u-boot-hikey-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-hikey-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-hikey-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-hikey-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-khadas-vim-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-khadas-vim-2019.01-7.10.2.aarch64",
"product_id": "u-boot-khadas-vim-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-khadas-vim-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-khadas-vim-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-khadas-vim-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-khadas-vim2-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-khadas-vim2-2019.01-7.10.2.aarch64",
"product_id": "u-boot-khadas-vim2-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-khadas-vim2-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-khadas-vim2-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-khadas-vim2-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-ls1012afrdmqspi-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-ls1012afrdmqspi-2019.01-7.10.2.aarch64",
"product_id": "u-boot-ls1012afrdmqspi-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-ls1012afrdmqspi-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-ls1012afrdmqspi-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-ls1012afrdmqspi-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebudb-88f3720-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-mvebudb-88f3720-2019.01-7.10.2.aarch64",
"product_id": "u-boot-mvebudb-88f3720-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebudb-88f3720-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-mvebudb-88f3720-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-mvebudb-88f3720-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebudbarmada8k-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-mvebudbarmada8k-2019.01-7.10.2.aarch64",
"product_id": "u-boot-mvebudbarmada8k-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebudbarmada8k-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-mvebudbarmada8k-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-mvebudbarmada8k-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebuespressobin-88f3720-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-mvebuespressobin-88f3720-2019.01-7.10.2.aarch64",
"product_id": "u-boot-mvebuespressobin-88f3720-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebuespressobin-88f3720-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-mvebuespressobin-88f3720-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-mvebuespressobin-88f3720-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebumcbin-88f8040-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-mvebumcbin-88f8040-2019.01-7.10.2.aarch64",
"product_id": "u-boot-mvebumcbin-88f8040-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebumcbin-88f8040-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-mvebumcbin-88f8040-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-mvebumcbin-88f8040-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-nanopia64-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-nanopia64-2019.01-7.10.2.aarch64",
"product_id": "u-boot-nanopia64-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-nanopia64-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-nanopia64-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-nanopia64-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-odroid-c2-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-odroid-c2-2019.01-7.10.2.aarch64",
"product_id": "u-boot-odroid-c2-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-odroid-c2-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-odroid-c2-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-odroid-c2-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-orangepipc2-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-orangepipc2-2019.01-7.10.2.aarch64",
"product_id": "u-boot-orangepipc2-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-orangepipc2-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-orangepipc2-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-orangepipc2-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-p2371-2180-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-p2371-2180-2019.01-7.10.2.aarch64",
"product_id": "u-boot-p2371-2180-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-p2371-2180-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-p2371-2180-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-p2371-2180-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-p2771-0000-500-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-p2771-0000-500-2019.01-7.10.2.aarch64",
"product_id": "u-boot-p2771-0000-500-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-p2771-0000-500-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-p2771-0000-500-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-p2771-0000-500-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-pine64plus-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-pine64plus-2019.01-7.10.2.aarch64",
"product_id": "u-boot-pine64plus-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-pine64plus-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-pine64plus-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-pine64plus-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-pinebook-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-pinebook-2019.01-7.10.2.aarch64",
"product_id": "u-boot-pinebook-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-pinebook-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-pinebook-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-pinebook-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-pineh64-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-pineh64-2019.01-7.10.2.aarch64",
"product_id": "u-boot-pineh64-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-pineh64-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-pineh64-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-pineh64-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-poplar-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-poplar-2019.01-7.10.2.aarch64",
"product_id": "u-boot-poplar-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-poplar-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-poplar-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-poplar-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-rock960-rk3399-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-rock960-rk3399-2019.01-7.10.2.aarch64",
"product_id": "u-boot-rock960-rk3399-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-rock960-rk3399-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-rock960-rk3399-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-rock960-rk3399-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-rpi3-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-rpi3-2019.01-7.10.2.aarch64",
"product_id": "u-boot-rpi3-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-rpi3-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-rpi3-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-rpi3-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-tools-2019.01-7.10.1.aarch64",
"product": {
"name": "u-boot-tools-2019.01-7.10.1.aarch64",
"product_id": "u-boot-tools-2019.01-7.10.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-xilinxzynqmpgeneric-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-xilinxzynqmpgeneric-2019.01-7.10.2.aarch64",
"product_id": "u-boot-xilinxzynqmpgeneric-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-xilinxzynqmpgeneric-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-xilinxzynqmpgeneric-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-xilinxzynqmpgeneric-doc-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-xilinxzynqmpzcu102rev10-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-xilinxzynqmpzcu102rev10-2019.01-7.10.2.aarch64",
"product_id": "u-boot-xilinxzynqmpzcu102rev10-2019.01-7.10.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-xilinxzynqmpzcu102rev10-doc-2019.01-7.10.2.aarch64",
"product": {
"name": "u-boot-xilinxzynqmpzcu102rev10-doc-2019.01-7.10.2.aarch64",
"product_id": "u-boot-xilinxzynqmpzcu102rev10-doc-2019.01-7.10.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2019.01-7.10.1.i586",
"product": {
"name": "u-boot-tools-2019.01-7.10.1.i586",
"product_id": "u-boot-tools-2019.01-7.10.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2019.01-7.10.1.ppc64le",
"product": {
"name": "u-boot-tools-2019.01-7.10.1.ppc64le",
"product_id": "u-boot-tools-2019.01-7.10.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2019.01-7.10.1.s390x",
"product": {
"name": "u-boot-tools-2019.01-7.10.1.s390x",
"product_id": "u-boot-tools-2019.01-7.10.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2019.01-7.10.1.x86_64",
"product": {
"name": "u-boot-tools-2019.01-7.10.1.x86_64",
"product_id": "u-boot-tools-2019.01-7.10.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-rpi3-2019.01-7.10.2.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64"
},
"product_reference": "u-boot-rpi3-2019.01-7.10.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-tools-2019.01-7.10.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64"
},
"product_reference": "u-boot-tools-2019.01-7.10.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-tools-2019.01-7.10.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le"
},
"product_reference": "u-boot-tools-2019.01-7.10.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-tools-2019.01-7.10.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x"
},
"product_reference": "u-boot-tools-2019.01-7.10.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-tools-2019.01-7.10.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
},
"product_reference": "u-boot-tools-2019.01-7.10.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11059"
}
],
"notes": [
{
"category": "general",
"text": "Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11059",
"url": "https://www.suse.com/security/cve/CVE-2019-11059"
},
{
"category": "external",
"summary": "SUSE Bug 1134853 for CVE-2019-11059",
"url": "https://bugzilla.suse.com/1134853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:55:32Z",
"details": "low"
}
],
"title": "CVE-2019-11059"
},
{
"cve": "CVE-2019-11690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11690"
}
],
"notes": [
{
"category": "general",
"text": "gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11690",
"url": "https://www.suse.com/security/cve/CVE-2019-11690"
},
{
"category": "external",
"summary": "SUSE Bug 1134157 for CVE-2019-11690",
"url": "https://bugzilla.suse.com/1134157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:55:32Z",
"details": "low"
}
],
"title": "CVE-2019-11690"
},
{
"cve": "CVE-2019-13103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13103"
}
],
"notes": [
{
"category": "general",
"text": "A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13103",
"url": "https://www.suse.com/security/cve/CVE-2019-13103"
},
{
"category": "external",
"summary": "SUSE Bug 1143463 for CVE-2019-13103",
"url": "https://bugzilla.suse.com/1143463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:55:32Z",
"details": "moderate"
}
],
"title": "CVE-2019-13103"
},
{
"cve": "CVE-2019-14192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14192"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14192",
"url": "https://www.suse.com/security/cve/CVE-2019-14192"
},
{
"category": "external",
"summary": "SUSE Bug 1143777 for CVE-2019-14192",
"url": "https://bugzilla.suse.com/1143777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:55:32Z",
"details": "moderate"
}
],
"title": "CVE-2019-14192"
},
{
"cve": "CVE-2019-14193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14193"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the \"if\" block after calculating the new path length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14193",
"url": "https://www.suse.com/security/cve/CVE-2019-14193"
},
{
"category": "external",
"summary": "SUSE Bug 1143817 for CVE-2019-14193",
"url": "https://bugzilla.suse.com/1143817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:55:32Z",
"details": "moderate"
}
],
"title": "CVE-2019-14193"
},
{
"cve": "CVE-2019-14194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14194"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14194",
"url": "https://www.suse.com/security/cve/CVE-2019-14194"
},
{
"category": "external",
"summary": "SUSE Bug 1143818 for CVE-2019-14194",
"url": "https://bugzilla.suse.com/1143818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:55:32Z",
"details": "moderate"
}
],
"title": "CVE-2019-14194"
},
{
"cve": "CVE-2019-14195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14195"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the \"else\" block after calculating the new path length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14195",
"url": "https://www.suse.com/security/cve/CVE-2019-14195"
},
{
"category": "external",
"summary": "SUSE Bug 1143819 for CVE-2019-14195",
"url": "https://bugzilla.suse.com/1143819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:55:32Z",
"details": "moderate"
}
],
"title": "CVE-2019-14195"
},
{
"cve": "CVE-2019-14196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14196"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14196",
"url": "https://www.suse.com/security/cve/CVE-2019-14196"
},
{
"category": "external",
"summary": "SUSE Bug 1143820 for CVE-2019-14196",
"url": "https://bugzilla.suse.com/1143820"
},
{
"category": "external",
"summary": "SUSE Bug 1199623 for CVE-2019-14196",
"url": "https://bugzilla.suse.com/1199623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:55:32Z",
"details": "moderate"
}
],
"title": "CVE-2019-14196"
},
{
"cve": "CVE-2019-14197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14197"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14197",
"url": "https://www.suse.com/security/cve/CVE-2019-14197"
},
{
"category": "external",
"summary": "SUSE Bug 1143821 for CVE-2019-14197",
"url": "https://bugzilla.suse.com/1143821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:55:32Z",
"details": "moderate"
}
],
"title": "CVE-2019-14197"
},
{
"cve": "CVE-2019-14198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14198"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14198",
"url": "https://www.suse.com/security/cve/CVE-2019-14198"
},
{
"category": "external",
"summary": "SUSE Bug 1143823 for CVE-2019-14198",
"url": "https://bugzilla.suse.com/1143823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:55:32Z",
"details": "moderate"
}
],
"title": "CVE-2019-14198"
},
{
"cve": "CVE-2019-14199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14199"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14199",
"url": "https://www.suse.com/security/cve/CVE-2019-14199"
},
{
"category": "external",
"summary": "SUSE Bug 1143824 for CVE-2019-14199",
"url": "https://bugzilla.suse.com/1143824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:55:32Z",
"details": "moderate"
}
],
"title": "CVE-2019-14199"
},
{
"cve": "CVE-2019-14200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14200"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14200",
"url": "https://www.suse.com/security/cve/CVE-2019-14200"
},
{
"category": "external",
"summary": "SUSE Bug 1143825 for CVE-2019-14200",
"url": "https://bugzilla.suse.com/1143825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:55:32Z",
"details": "moderate"
}
],
"title": "CVE-2019-14200"
},
{
"cve": "CVE-2019-14201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14201"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14201",
"url": "https://www.suse.com/security/cve/CVE-2019-14201"
},
{
"category": "external",
"summary": "SUSE Bug 1143827 for CVE-2019-14201",
"url": "https://bugzilla.suse.com/1143827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:55:32Z",
"details": "moderate"
}
],
"title": "CVE-2019-14201"
},
{
"cve": "CVE-2019-14202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14202"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14202",
"url": "https://www.suse.com/security/cve/CVE-2019-14202"
},
{
"category": "external",
"summary": "SUSE Bug 1143828 for CVE-2019-14202",
"url": "https://bugzilla.suse.com/1143828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:55:32Z",
"details": "moderate"
}
],
"title": "CVE-2019-14202"
},
{
"cve": "CVE-2019-14203",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14203"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14203",
"url": "https://www.suse.com/security/cve/CVE-2019-14203"
},
{
"category": "external",
"summary": "SUSE Bug 1143830 for CVE-2019-14203",
"url": "https://bugzilla.suse.com/1143830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:55:32Z",
"details": "moderate"
}
],
"title": "CVE-2019-14203"
},
{
"cve": "CVE-2019-14204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14204"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14204",
"url": "https://www.suse.com/security/cve/CVE-2019-14204"
},
{
"category": "external",
"summary": "SUSE Bug 1143831 for CVE-2019-14204",
"url": "https://bugzilla.suse.com/1143831"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:55:32Z",
"details": "moderate"
}
],
"title": "CVE-2019-14204"
},
{
"cve": "CVE-2020-10648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10648"
}
],
"notes": [
{
"category": "general",
"text": "Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10648",
"url": "https://www.suse.com/security/cve/CVE-2020-10648"
},
{
"category": "external",
"summary": "SUSE Bug 1167209 for CVE-2020-10648",
"url": "https://bugzilla.suse.com/1167209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:55:32Z",
"details": "moderate"
}
],
"title": "CVE-2020-10648"
},
{
"cve": "CVE-2020-8432",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8432"
}
],
"notes": [
{
"category": "general",
"text": "In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8432",
"url": "https://www.suse.com/security/cve/CVE-2020-8432"
},
{
"category": "external",
"summary": "SUSE Bug 1162198 for CVE-2020-8432",
"url": "https://bugzilla.suse.com/1162198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-rpi3-2019.01-7.10.2.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:u-boot-tools-2019.01-7.10.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:55:32Z",
"details": "important"
}
],
"title": "CVE-2020-8432"
}
]
}
SUSE-SU-2020:3283-1
Vulnerability from csaf_suse - Published: 2020-11-11 08:59 - Updated: 2020-11-11 08:59Summary
Security update for u-boot
Severity
Important
Notes
Title of the patch: Security update for u-boot
Description of the patch: This update for u-boot fixes the following issues:
- Fix network boot on Raspberry Pi 3 B+ (bsc#1098649)
- Fix GOP pixel format (bsc#1098447)
- Fix SD writes on Raspberry Pi
- Enable a few more armv7 boards to boot with EFI
- Fix potentially miscompiled runtime service calls
Fix CVE-2019-14192 (bsc#1143777), CVE-2019-14193 (bsc#1143817),
CVE-2019-14199 (bsc#1143824), CVE-2019-14197 (bsc#1143821),
CVE-2019-14200 (bsc#1143825), CVE-2019-14201 (bsc#1143827),
CVE-2019-14202 (bsc#1143828), CVE-2019-14203 (bsc#1143830),
CVE-2019-14204 (bsc#1143831), CVE-2019-14194 (bsc#1143818),
CVE-2019-14198 (bsc#1143823), CVE-2019-14195 (bsc#1143819),
CVE-2019-14196 (bsc#1143820), CVE-2019-13103 (bsc#1143463),
CVE-2020-8432 (bsc#1162198), CVE-2019-11059 (bsc#1134853),
CVE-2019-11690 (bsc#1134157) and CVE-2020-10648 (bsc#1167209)
Patchnames: SUSE-2020-3283,SUSE-SLE-Product-HPC-15-2020-3283,SUSE-SLE-Product-SLES-15-2020-3283,SUSE-SLE-Product-SLES_SAP-15-2020-3283
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.1 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
4.7 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
79 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for u-boot",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for u-boot fixes the following issues:\n\n- Fix network boot on Raspberry Pi 3 B+ (bsc#1098649)\n- Fix GOP pixel format (bsc#1098447)\n- Fix SD writes on Raspberry Pi\n- Enable a few more armv7 boards to boot with EFI\n- Fix potentially miscompiled runtime service calls\n\nFix CVE-2019-14192 (bsc#1143777), CVE-2019-14193 (bsc#1143817), \nCVE-2019-14199 (bsc#1143824), CVE-2019-14197 (bsc#1143821), \nCVE-2019-14200 (bsc#1143825), CVE-2019-14201 (bsc#1143827), \nCVE-2019-14202 (bsc#1143828), CVE-2019-14203 (bsc#1143830), \nCVE-2019-14204 (bsc#1143831), CVE-2019-14194 (bsc#1143818), \nCVE-2019-14198 (bsc#1143823), CVE-2019-14195 (bsc#1143819), \nCVE-2019-14196 (bsc#1143820), CVE-2019-13103 (bsc#1143463), \nCVE-2020-8432 (bsc#1162198), CVE-2019-11059 (bsc#1134853), \nCVE-2019-11690 (bsc#1134157) and CVE-2020-10648 (bsc#1167209) \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3283,SUSE-SLE-Product-HPC-15-2020-3283,SUSE-SLE-Product-SLES-15-2020-3283,SUSE-SLE-Product-SLES_SAP-15-2020-3283",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3283-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3283-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203283-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3283-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007760.html"
},
{
"category": "self",
"summary": "SUSE Bug 1098447",
"url": "https://bugzilla.suse.com/1098447"
},
{
"category": "self",
"summary": "SUSE Bug 1098649",
"url": "https://bugzilla.suse.com/1098649"
},
{
"category": "self",
"summary": "SUSE Bug 1134157",
"url": "https://bugzilla.suse.com/1134157"
},
{
"category": "self",
"summary": "SUSE Bug 1134853",
"url": "https://bugzilla.suse.com/1134853"
},
{
"category": "self",
"summary": "SUSE Bug 1143463",
"url": "https://bugzilla.suse.com/1143463"
},
{
"category": "self",
"summary": "SUSE Bug 1143777",
"url": "https://bugzilla.suse.com/1143777"
},
{
"category": "self",
"summary": "SUSE Bug 1143817",
"url": "https://bugzilla.suse.com/1143817"
},
{
"category": "self",
"summary": "SUSE Bug 1143818",
"url": "https://bugzilla.suse.com/1143818"
},
{
"category": "self",
"summary": "SUSE Bug 1143819",
"url": "https://bugzilla.suse.com/1143819"
},
{
"category": "self",
"summary": "SUSE Bug 1143820",
"url": "https://bugzilla.suse.com/1143820"
},
{
"category": "self",
"summary": "SUSE Bug 1143821",
"url": "https://bugzilla.suse.com/1143821"
},
{
"category": "self",
"summary": "SUSE Bug 1143823",
"url": "https://bugzilla.suse.com/1143823"
},
{
"category": "self",
"summary": "SUSE Bug 1143824",
"url": "https://bugzilla.suse.com/1143824"
},
{
"category": "self",
"summary": "SUSE Bug 1143825",
"url": "https://bugzilla.suse.com/1143825"
},
{
"category": "self",
"summary": "SUSE Bug 1143827",
"url": "https://bugzilla.suse.com/1143827"
},
{
"category": "self",
"summary": "SUSE Bug 1143828",
"url": "https://bugzilla.suse.com/1143828"
},
{
"category": "self",
"summary": "SUSE Bug 1143830",
"url": "https://bugzilla.suse.com/1143830"
},
{
"category": "self",
"summary": "SUSE Bug 1143831",
"url": "https://bugzilla.suse.com/1143831"
},
{
"category": "self",
"summary": "SUSE Bug 1162198",
"url": "https://bugzilla.suse.com/1162198"
},
{
"category": "self",
"summary": "SUSE Bug 1167209",
"url": "https://bugzilla.suse.com/1167209"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11059 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11690 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13103 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14192 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14193 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14194 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14195 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14196 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14197 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14198 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14199 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14199/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14200 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14201 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14202 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14203 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14203/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14204 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10648 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8432 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8432/"
}
],
"title": "Security update for u-boot",
"tracking": {
"current_release_date": "2020-11-11T08:59:07Z",
"generator": {
"date": "2020-11-11T08:59:07Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3283-1",
"initial_release_date": "2020-11-11T08:59:07Z",
"revision_history": [
{
"date": "2020-11-11T08:59:07Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "u-boot-dragonboard410c-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-dragonboard410c-2018.03-4.6.2.aarch64",
"product_id": "u-boot-dragonboard410c-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-dragonboard410c-doc-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-dragonboard410c-doc-2018.03-4.6.2.aarch64",
"product_id": "u-boot-dragonboard410c-doc-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-evb-rk3399-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-evb-rk3399-2018.03-4.6.2.aarch64",
"product_id": "u-boot-evb-rk3399-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-evb-rk3399-doc-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-evb-rk3399-doc-2018.03-4.6.2.aarch64",
"product_id": "u-boot-evb-rk3399-doc-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-firefly-rk3399-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-firefly-rk3399-2018.03-4.6.2.aarch64",
"product_id": "u-boot-firefly-rk3399-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-firefly-rk3399-doc-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-firefly-rk3399-doc-2018.03-4.6.2.aarch64",
"product_id": "u-boot-firefly-rk3399-doc-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-geekbox-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-geekbox-2018.03-4.6.2.aarch64",
"product_id": "u-boot-geekbox-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-geekbox-doc-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-geekbox-doc-2018.03-4.6.2.aarch64",
"product_id": "u-boot-geekbox-doc-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-hikey-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-hikey-2018.03-4.6.2.aarch64",
"product_id": "u-boot-hikey-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-hikey-doc-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-hikey-doc-2018.03-4.6.2.aarch64",
"product_id": "u-boot-hikey-doc-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-ls1012afrdmqspi-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-ls1012afrdmqspi-2018.03-4.6.2.aarch64",
"product_id": "u-boot-ls1012afrdmqspi-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-ls1012afrdmqspi-doc-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-ls1012afrdmqspi-doc-2018.03-4.6.2.aarch64",
"product_id": "u-boot-ls1012afrdmqspi-doc-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebudb-88f3720-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-mvebudb-88f3720-2018.03-4.6.2.aarch64",
"product_id": "u-boot-mvebudb-88f3720-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebudb-88f3720-doc-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-mvebudb-88f3720-doc-2018.03-4.6.2.aarch64",
"product_id": "u-boot-mvebudb-88f3720-doc-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebudbarmada8k-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-mvebudbarmada8k-2018.03-4.6.2.aarch64",
"product_id": "u-boot-mvebudbarmada8k-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebudbarmada8k-doc-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-mvebudbarmada8k-doc-2018.03-4.6.2.aarch64",
"product_id": "u-boot-mvebudbarmada8k-doc-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebuespressobin-88f3720-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-mvebuespressobin-88f3720-2018.03-4.6.2.aarch64",
"product_id": "u-boot-mvebuespressobin-88f3720-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebuespressobin-88f3720-doc-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-mvebuespressobin-88f3720-doc-2018.03-4.6.2.aarch64",
"product_id": "u-boot-mvebuespressobin-88f3720-doc-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebumcbin-88f8040-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-mvebumcbin-88f8040-2018.03-4.6.2.aarch64",
"product_id": "u-boot-mvebumcbin-88f8040-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-mvebumcbin-88f8040-doc-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-mvebumcbin-88f8040-doc-2018.03-4.6.2.aarch64",
"product_id": "u-boot-mvebumcbin-88f8040-doc-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-nanopia64-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-nanopia64-2018.03-4.6.2.aarch64",
"product_id": "u-boot-nanopia64-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-nanopia64-doc-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-nanopia64-doc-2018.03-4.6.2.aarch64",
"product_id": "u-boot-nanopia64-doc-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-odroid-c2-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-odroid-c2-2018.03-4.6.2.aarch64",
"product_id": "u-boot-odroid-c2-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-odroid-c2-doc-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-odroid-c2-doc-2018.03-4.6.2.aarch64",
"product_id": "u-boot-odroid-c2-doc-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-orangepipc2-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-orangepipc2-2018.03-4.6.2.aarch64",
"product_id": "u-boot-orangepipc2-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-orangepipc2-doc-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-orangepipc2-doc-2018.03-4.6.2.aarch64",
"product_id": "u-boot-orangepipc2-doc-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-p2371-2180-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-p2371-2180-2018.03-4.6.2.aarch64",
"product_id": "u-boot-p2371-2180-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-p2371-2180-doc-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-p2371-2180-doc-2018.03-4.6.2.aarch64",
"product_id": "u-boot-p2371-2180-doc-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-pine64plus-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-pine64plus-2018.03-4.6.2.aarch64",
"product_id": "u-boot-pine64plus-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-pine64plus-doc-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-pine64plus-doc-2018.03-4.6.2.aarch64",
"product_id": "u-boot-pine64plus-doc-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-rpi3-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-rpi3-2018.03-4.6.2.aarch64",
"product_id": "u-boot-rpi3-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-rpi3-doc-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-rpi3-doc-2018.03-4.6.2.aarch64",
"product_id": "u-boot-rpi3-doc-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-tools-2018.03-4.6.1.aarch64",
"product": {
"name": "u-boot-tools-2018.03-4.6.1.aarch64",
"product_id": "u-boot-tools-2018.03-4.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-xilinxzynqmpzcu102rev10-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-xilinxzynqmpzcu102rev10-2018.03-4.6.2.aarch64",
"product_id": "u-boot-xilinxzynqmpzcu102rev10-2018.03-4.6.2.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-xilinxzynqmpzcu102rev10-doc-2018.03-4.6.2.aarch64",
"product": {
"name": "u-boot-xilinxzynqmpzcu102rev10-doc-2018.03-4.6.2.aarch64",
"product_id": "u-boot-xilinxzynqmpzcu102rev10-doc-2018.03-4.6.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2018.03-4.6.1.i586",
"product": {
"name": "u-boot-tools-2018.03-4.6.1.i586",
"product_id": "u-boot-tools-2018.03-4.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2018.03-4.6.1.ppc64le",
"product": {
"name": "u-boot-tools-2018.03-4.6.1.ppc64le",
"product_id": "u-boot-tools-2018.03-4.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2018.03-4.6.1.s390x",
"product": {
"name": "u-boot-tools-2018.03-4.6.1.s390x",
"product_id": "u-boot-tools-2018.03-4.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2018.03-4.6.1.x86_64",
"product": {
"name": "u-boot-tools-2018.03-4.6.1.x86_64",
"product_id": "u-boot-tools-2018.03-4.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-rpi3-2018.03-4.6.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64"
},
"product_reference": "u-boot-rpi3-2018.03-4.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-tools-2018.03-4.6.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64"
},
"product_reference": "u-boot-tools-2018.03-4.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-tools-2018.03-4.6.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64"
},
"product_reference": "u-boot-tools-2018.03-4.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-rpi3-2018.03-4.6.2.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64"
},
"product_reference": "u-boot-rpi3-2018.03-4.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-tools-2018.03-4.6.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64"
},
"product_reference": "u-boot-tools-2018.03-4.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-tools-2018.03-4.6.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64"
},
"product_reference": "u-boot-tools-2018.03-4.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-rpi3-2018.03-4.6.2.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64"
},
"product_reference": "u-boot-rpi3-2018.03-4.6.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-tools-2018.03-4.6.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64"
},
"product_reference": "u-boot-tools-2018.03-4.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-tools-2018.03-4.6.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le"
},
"product_reference": "u-boot-tools-2018.03-4.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-tools-2018.03-4.6.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x"
},
"product_reference": "u-boot-tools-2018.03-4.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-tools-2018.03-4.6.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64"
},
"product_reference": "u-boot-tools-2018.03-4.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-tools-2018.03-4.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le"
},
"product_reference": "u-boot-tools-2018.03-4.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-tools-2018.03-4.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
},
"product_reference": "u-boot-tools-2018.03-4.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11059"
}
],
"notes": [
{
"category": "general",
"text": "Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11059",
"url": "https://www.suse.com/security/cve/CVE-2019-11059"
},
{
"category": "external",
"summary": "SUSE Bug 1134853 for CVE-2019-11059",
"url": "https://bugzilla.suse.com/1134853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:59:07Z",
"details": "low"
}
],
"title": "CVE-2019-11059"
},
{
"cve": "CVE-2019-11690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11690"
}
],
"notes": [
{
"category": "general",
"text": "gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11690",
"url": "https://www.suse.com/security/cve/CVE-2019-11690"
},
{
"category": "external",
"summary": "SUSE Bug 1134157 for CVE-2019-11690",
"url": "https://bugzilla.suse.com/1134157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:59:07Z",
"details": "low"
}
],
"title": "CVE-2019-11690"
},
{
"cve": "CVE-2019-13103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13103"
}
],
"notes": [
{
"category": "general",
"text": "A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13103",
"url": "https://www.suse.com/security/cve/CVE-2019-13103"
},
{
"category": "external",
"summary": "SUSE Bug 1143463 for CVE-2019-13103",
"url": "https://bugzilla.suse.com/1143463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:59:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-13103"
},
{
"cve": "CVE-2019-14192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14192"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14192",
"url": "https://www.suse.com/security/cve/CVE-2019-14192"
},
{
"category": "external",
"summary": "SUSE Bug 1143777 for CVE-2019-14192",
"url": "https://bugzilla.suse.com/1143777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:59:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-14192"
},
{
"cve": "CVE-2019-14193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14193"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the \"if\" block after calculating the new path length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14193",
"url": "https://www.suse.com/security/cve/CVE-2019-14193"
},
{
"category": "external",
"summary": "SUSE Bug 1143817 for CVE-2019-14193",
"url": "https://bugzilla.suse.com/1143817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:59:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-14193"
},
{
"cve": "CVE-2019-14194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14194"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14194",
"url": "https://www.suse.com/security/cve/CVE-2019-14194"
},
{
"category": "external",
"summary": "SUSE Bug 1143818 for CVE-2019-14194",
"url": "https://bugzilla.suse.com/1143818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:59:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-14194"
},
{
"cve": "CVE-2019-14195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14195"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the \"else\" block after calculating the new path length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14195",
"url": "https://www.suse.com/security/cve/CVE-2019-14195"
},
{
"category": "external",
"summary": "SUSE Bug 1143819 for CVE-2019-14195",
"url": "https://bugzilla.suse.com/1143819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:59:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-14195"
},
{
"cve": "CVE-2019-14196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14196"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14196",
"url": "https://www.suse.com/security/cve/CVE-2019-14196"
},
{
"category": "external",
"summary": "SUSE Bug 1143820 for CVE-2019-14196",
"url": "https://bugzilla.suse.com/1143820"
},
{
"category": "external",
"summary": "SUSE Bug 1199623 for CVE-2019-14196",
"url": "https://bugzilla.suse.com/1199623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:59:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-14196"
},
{
"cve": "CVE-2019-14197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14197"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14197",
"url": "https://www.suse.com/security/cve/CVE-2019-14197"
},
{
"category": "external",
"summary": "SUSE Bug 1143821 for CVE-2019-14197",
"url": "https://bugzilla.suse.com/1143821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:59:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-14197"
},
{
"cve": "CVE-2019-14198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14198"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14198",
"url": "https://www.suse.com/security/cve/CVE-2019-14198"
},
{
"category": "external",
"summary": "SUSE Bug 1143823 for CVE-2019-14198",
"url": "https://bugzilla.suse.com/1143823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:59:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-14198"
},
{
"cve": "CVE-2019-14199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14199"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14199",
"url": "https://www.suse.com/security/cve/CVE-2019-14199"
},
{
"category": "external",
"summary": "SUSE Bug 1143824 for CVE-2019-14199",
"url": "https://bugzilla.suse.com/1143824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:59:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-14199"
},
{
"cve": "CVE-2019-14200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14200"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14200",
"url": "https://www.suse.com/security/cve/CVE-2019-14200"
},
{
"category": "external",
"summary": "SUSE Bug 1143825 for CVE-2019-14200",
"url": "https://bugzilla.suse.com/1143825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:59:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-14200"
},
{
"cve": "CVE-2019-14201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14201"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14201",
"url": "https://www.suse.com/security/cve/CVE-2019-14201"
},
{
"category": "external",
"summary": "SUSE Bug 1143827 for CVE-2019-14201",
"url": "https://bugzilla.suse.com/1143827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:59:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-14201"
},
{
"cve": "CVE-2019-14202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14202"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14202",
"url": "https://www.suse.com/security/cve/CVE-2019-14202"
},
{
"category": "external",
"summary": "SUSE Bug 1143828 for CVE-2019-14202",
"url": "https://bugzilla.suse.com/1143828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:59:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-14202"
},
{
"cve": "CVE-2019-14203",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14203"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14203",
"url": "https://www.suse.com/security/cve/CVE-2019-14203"
},
{
"category": "external",
"summary": "SUSE Bug 1143830 for CVE-2019-14203",
"url": "https://bugzilla.suse.com/1143830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:59:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-14203"
},
{
"cve": "CVE-2019-14204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14204"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14204",
"url": "https://www.suse.com/security/cve/CVE-2019-14204"
},
{
"category": "external",
"summary": "SUSE Bug 1143831 for CVE-2019-14204",
"url": "https://bugzilla.suse.com/1143831"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:59:07Z",
"details": "moderate"
}
],
"title": "CVE-2019-14204"
},
{
"cve": "CVE-2020-10648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10648"
}
],
"notes": [
{
"category": "general",
"text": "Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10648",
"url": "https://www.suse.com/security/cve/CVE-2020-10648"
},
{
"category": "external",
"summary": "SUSE Bug 1167209 for CVE-2020-10648",
"url": "https://bugzilla.suse.com/1167209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:59:07Z",
"details": "moderate"
}
],
"title": "CVE-2020-10648"
},
{
"cve": "CVE-2020-8432",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8432"
}
],
"notes": [
{
"category": "general",
"text": "In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced when attempting to fix a memory leak identified by static analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8432",
"url": "https://www.suse.com/security/cve/CVE-2020-8432"
},
{
"category": "external",
"summary": "SUSE Bug 1162198 for CVE-2020-8432",
"url": "https://bugzilla.suse.com/1162198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-rpi3-2018.03-4.6.2.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:u-boot-tools-2018.03-4.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:u-boot-tools-2018.03-4.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-11T08:59:07Z",
"details": "important"
}
],
"title": "CVE-2020-8432"
}
]
}
SUSE-SU-2020:3474-1
Vulnerability from csaf_suse - Published: 2020-11-20 18:09 - Updated: 2020-11-20 18:09Summary
Security update for u-boot
Severity
Important
Notes
Title of the patch: Security update for u-boot
Description of the patch: This update for u-boot fixes the following issues:
Work around CVE-2019-11059 by disabling 64Bit descritptor size (bsc#1134853)
CVE-2019-11690 (bsc#1134157), CVE-2020-10648 (bsc#1167209), CVE-2019-13103 (bsc#1143463),
CVE-2019-14197 (bsc#1143821), CVE-2019-14200 (bsc#1143825), CVE-2019-14201 (bsc#1143827),
CVE-2019-14202 (bsc#1143828), CVE-2019-14203 (bsc#1143830), CVE-2019-14204 (bsc#1143831),
CVE-2019-14194 (bsc#1143818), CVE-2019-14198 (bsc#1143823), CVE-2019-14195 (bsc#1143819),
CVE-2019-14196 (bsc#1143820), CVE-2019-14299 (bsc#1143824), CVE-2019-14192 (bsc#1143777),
CVE-2019-14193 (bsc#1143817).
Patchnames: SUSE-2020-3474,SUSE-SLE-SERVER-12-SP3-2020-3474,SUSE-Storage-5-2020-3474
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.1 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
low
4.7 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
72 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for u-boot",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for u-boot fixes the following issues:\n\nWork around CVE-2019-11059 by disabling 64Bit descritptor size (bsc#1134853)\n\nCVE-2019-11690 (bsc#1134157), CVE-2020-10648 (bsc#1167209), CVE-2019-13103 (bsc#1143463),\nCVE-2019-14197 (bsc#1143821), CVE-2019-14200 (bsc#1143825), CVE-2019-14201 (bsc#1143827),\nCVE-2019-14202 (bsc#1143828), CVE-2019-14203 (bsc#1143830), CVE-2019-14204 (bsc#1143831),\nCVE-2019-14194 (bsc#1143818), CVE-2019-14198 (bsc#1143823), CVE-2019-14195 (bsc#1143819),\nCVE-2019-14196 (bsc#1143820), CVE-2019-14299 (bsc#1143824), CVE-2019-14192 (bsc#1143777),\nCVE-2019-14193 (bsc#1143817).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3474,SUSE-SLE-SERVER-12-SP3-2020-3474,SUSE-Storage-5-2020-3474",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3474-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3474-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203474-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3474-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007831.html"
},
{
"category": "self",
"summary": "SUSE Bug 1134157",
"url": "https://bugzilla.suse.com/1134157"
},
{
"category": "self",
"summary": "SUSE Bug 1134853",
"url": "https://bugzilla.suse.com/1134853"
},
{
"category": "self",
"summary": "SUSE Bug 1143463",
"url": "https://bugzilla.suse.com/1143463"
},
{
"category": "self",
"summary": "SUSE Bug 1143777",
"url": "https://bugzilla.suse.com/1143777"
},
{
"category": "self",
"summary": "SUSE Bug 1143817",
"url": "https://bugzilla.suse.com/1143817"
},
{
"category": "self",
"summary": "SUSE Bug 1143818",
"url": "https://bugzilla.suse.com/1143818"
},
{
"category": "self",
"summary": "SUSE Bug 1143819",
"url": "https://bugzilla.suse.com/1143819"
},
{
"category": "self",
"summary": "SUSE Bug 1143820",
"url": "https://bugzilla.suse.com/1143820"
},
{
"category": "self",
"summary": "SUSE Bug 1143821",
"url": "https://bugzilla.suse.com/1143821"
},
{
"category": "self",
"summary": "SUSE Bug 1143823",
"url": "https://bugzilla.suse.com/1143823"
},
{
"category": "self",
"summary": "SUSE Bug 1143824",
"url": "https://bugzilla.suse.com/1143824"
},
{
"category": "self",
"summary": "SUSE Bug 1143825",
"url": "https://bugzilla.suse.com/1143825"
},
{
"category": "self",
"summary": "SUSE Bug 1143827",
"url": "https://bugzilla.suse.com/1143827"
},
{
"category": "self",
"summary": "SUSE Bug 1143828",
"url": "https://bugzilla.suse.com/1143828"
},
{
"category": "self",
"summary": "SUSE Bug 1143830",
"url": "https://bugzilla.suse.com/1143830"
},
{
"category": "self",
"summary": "SUSE Bug 1143831",
"url": "https://bugzilla.suse.com/1143831"
},
{
"category": "self",
"summary": "SUSE Bug 1167209",
"url": "https://bugzilla.suse.com/1167209"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11059 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11059/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11690 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11690/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-13103 page",
"url": "https://www.suse.com/security/cve/CVE-2019-13103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14192 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14193 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14194 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14195 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14196 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14196/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14197 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14198 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14200 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14200/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14201 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14202 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14203 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14203/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14204 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14299 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14299/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10648 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10648/"
}
],
"title": "Security update for u-boot",
"tracking": {
"current_release_date": "2020-11-20T18:09:59Z",
"generator": {
"date": "2020-11-20T18:09:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3474-1",
"initial_release_date": "2020-11-20T18:09:59Z",
"revision_history": [
{
"date": "2020-11-20T18:09:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "u-boot-dragonboard410c-2016.07-12.3.1.aarch64",
"product": {
"name": "u-boot-dragonboard410c-2016.07-12.3.1.aarch64",
"product_id": "u-boot-dragonboard410c-2016.07-12.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-dragonboard410c-doc-2016.07-12.3.1.aarch64",
"product": {
"name": "u-boot-dragonboard410c-doc-2016.07-12.3.1.aarch64",
"product_id": "u-boot-dragonboard410c-doc-2016.07-12.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-odroid-c2-2016.07-12.3.1.aarch64",
"product": {
"name": "u-boot-odroid-c2-2016.07-12.3.1.aarch64",
"product_id": "u-boot-odroid-c2-2016.07-12.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-odroid-c2-doc-2016.07-12.3.1.aarch64",
"product": {
"name": "u-boot-odroid-c2-doc-2016.07-12.3.1.aarch64",
"product_id": "u-boot-odroid-c2-doc-2016.07-12.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-p2371-2180-2016.07-12.3.1.aarch64",
"product": {
"name": "u-boot-p2371-2180-2016.07-12.3.1.aarch64",
"product_id": "u-boot-p2371-2180-2016.07-12.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-p2371-2180-doc-2016.07-12.3.1.aarch64",
"product": {
"name": "u-boot-p2371-2180-doc-2016.07-12.3.1.aarch64",
"product_id": "u-boot-p2371-2180-doc-2016.07-12.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-pine64plus-2016.07-12.3.1.aarch64",
"product": {
"name": "u-boot-pine64plus-2016.07-12.3.1.aarch64",
"product_id": "u-boot-pine64plus-2016.07-12.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-pine64plus-doc-2016.07-12.3.1.aarch64",
"product": {
"name": "u-boot-pine64plus-doc-2016.07-12.3.1.aarch64",
"product_id": "u-boot-pine64plus-doc-2016.07-12.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-rpi3-2016.07-12.3.1.aarch64",
"product": {
"name": "u-boot-rpi3-2016.07-12.3.1.aarch64",
"product_id": "u-boot-rpi3-2016.07-12.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-rpi3-doc-2016.07-12.3.1.aarch64",
"product": {
"name": "u-boot-rpi3-doc-2016.07-12.3.1.aarch64",
"product_id": "u-boot-rpi3-doc-2016.07-12.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "u-boot-tools-2016.07-12.3.1.aarch64",
"product": {
"name": "u-boot-tools-2016.07-12.3.1.aarch64",
"product_id": "u-boot-tools-2016.07-12.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2016.07-12.3.1.i586",
"product": {
"name": "u-boot-tools-2016.07-12.3.1.i586",
"product_id": "u-boot-tools-2016.07-12.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2016.07-12.3.1.ppc64le",
"product": {
"name": "u-boot-tools-2016.07-12.3.1.ppc64le",
"product_id": "u-boot-tools-2016.07-12.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2016.07-12.3.1.s390",
"product": {
"name": "u-boot-tools-2016.07-12.3.1.s390",
"product_id": "u-boot-tools-2016.07-12.3.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2016.07-12.3.1.s390x",
"product": {
"name": "u-boot-tools-2016.07-12.3.1.s390x",
"product_id": "u-boot-tools-2016.07-12.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "u-boot-tools-2016.07-12.3.1.x86_64",
"product": {
"name": "u-boot-tools-2016.07-12.3.1.x86_64",
"product_id": "u-boot-tools-2016.07-12.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 5",
"product": {
"name": "SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-rpi3-2016.07-12.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64"
},
"product_reference": "u-boot-rpi3-2016.07-12.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-tools-2016.07-12.3.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
},
"product_reference": "u-boot-tools-2016.07-12.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-rpi3-2016.07-12.3.1.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64"
},
"product_reference": "u-boot-rpi3-2016.07-12.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "u-boot-tools-2016.07-12.3.1.aarch64 as component of SUSE Enterprise Storage 5",
"product_id": "SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64"
},
"product_reference": "u-boot-tools-2016.07-12.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11059",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11059"
}
],
"notes": [
{
"category": "general",
"text": "Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11059",
"url": "https://www.suse.com/security/cve/CVE-2019-11059"
},
{
"category": "external",
"summary": "SUSE Bug 1134853 for CVE-2019-11059",
"url": "https://bugzilla.suse.com/1134853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-20T18:09:59Z",
"details": "low"
}
],
"title": "CVE-2019-11059"
},
{
"cve": "CVE-2019-11690",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11690"
}
],
"notes": [
{
"category": "general",
"text": "gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11690",
"url": "https://www.suse.com/security/cve/CVE-2019-11690"
},
{
"category": "external",
"summary": "SUSE Bug 1134157 for CVE-2019-11690",
"url": "https://bugzilla.suse.com/1134157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-20T18:09:59Z",
"details": "low"
}
],
"title": "CVE-2019-11690"
},
{
"cve": "CVE-2019-13103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-13103"
}
],
"notes": [
{
"category": "general",
"text": "A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-13103",
"url": "https://www.suse.com/security/cve/CVE-2019-13103"
},
{
"category": "external",
"summary": "SUSE Bug 1143463 for CVE-2019-13103",
"url": "https://bugzilla.suse.com/1143463"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:L",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-20T18:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-13103"
},
{
"cve": "CVE-2019-14192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14192"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14192",
"url": "https://www.suse.com/security/cve/CVE-2019-14192"
},
{
"category": "external",
"summary": "SUSE Bug 1143777 for CVE-2019-14192",
"url": "https://bugzilla.suse.com/1143777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-20T18:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-14192"
},
{
"cve": "CVE-2019-14193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14193"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the \"if\" block after calculating the new path length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14193",
"url": "https://www.suse.com/security/cve/CVE-2019-14193"
},
{
"category": "external",
"summary": "SUSE Bug 1143817 for CVE-2019-14193",
"url": "https://bugzilla.suse.com/1143817"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-20T18:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-14193"
},
{
"cve": "CVE-2019-14194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14194"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14194",
"url": "https://www.suse.com/security/cve/CVE-2019-14194"
},
{
"category": "external",
"summary": "SUSE Bug 1143818 for CVE-2019-14194",
"url": "https://bugzilla.suse.com/1143818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-20T18:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-14194"
},
{
"cve": "CVE-2019-14195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14195"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the \"else\" block after calculating the new path length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14195",
"url": "https://www.suse.com/security/cve/CVE-2019-14195"
},
{
"category": "external",
"summary": "SUSE Bug 1143819 for CVE-2019-14195",
"url": "https://bugzilla.suse.com/1143819"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-20T18:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-14195"
},
{
"cve": "CVE-2019-14196",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14196"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14196",
"url": "https://www.suse.com/security/cve/CVE-2019-14196"
},
{
"category": "external",
"summary": "SUSE Bug 1143820 for CVE-2019-14196",
"url": "https://bugzilla.suse.com/1143820"
},
{
"category": "external",
"summary": "SUSE Bug 1199623 for CVE-2019-14196",
"url": "https://bugzilla.suse.com/1199623"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-20T18:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-14196"
},
{
"cve": "CVE-2019-14197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14197"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14197",
"url": "https://www.suse.com/security/cve/CVE-2019-14197"
},
{
"category": "external",
"summary": "SUSE Bug 1143821 for CVE-2019-14197",
"url": "https://bugzilla.suse.com/1143821"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-20T18:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-14197"
},
{
"cve": "CVE-2019-14198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14198"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14198",
"url": "https://www.suse.com/security/cve/CVE-2019-14198"
},
{
"category": "external",
"summary": "SUSE Bug 1143823 for CVE-2019-14198",
"url": "https://bugzilla.suse.com/1143823"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-20T18:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-14198"
},
{
"cve": "CVE-2019-14200",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14200"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14200",
"url": "https://www.suse.com/security/cve/CVE-2019-14200"
},
{
"category": "external",
"summary": "SUSE Bug 1143825 for CVE-2019-14200",
"url": "https://bugzilla.suse.com/1143825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-20T18:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-14200"
},
{
"cve": "CVE-2019-14201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14201"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14201",
"url": "https://www.suse.com/security/cve/CVE-2019-14201"
},
{
"category": "external",
"summary": "SUSE Bug 1143827 for CVE-2019-14201",
"url": "https://bugzilla.suse.com/1143827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-20T18:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-14201"
},
{
"cve": "CVE-2019-14202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14202"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14202",
"url": "https://www.suse.com/security/cve/CVE-2019-14202"
},
{
"category": "external",
"summary": "SUSE Bug 1143828 for CVE-2019-14202",
"url": "https://bugzilla.suse.com/1143828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-20T18:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-14202"
},
{
"cve": "CVE-2019-14203",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14203"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14203",
"url": "https://www.suse.com/security/cve/CVE-2019-14203"
},
{
"category": "external",
"summary": "SUSE Bug 1143830 for CVE-2019-14203",
"url": "https://bugzilla.suse.com/1143830"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-20T18:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-14203"
},
{
"cve": "CVE-2019-14204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14204"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14204",
"url": "https://www.suse.com/security/cve/CVE-2019-14204"
},
{
"category": "external",
"summary": "SUSE Bug 1143831 for CVE-2019-14204",
"url": "https://bugzilla.suse.com/1143831"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-20T18:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-14204"
},
{
"cve": "CVE-2019-14299",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14299"
}
],
"notes": [
{
"category": "general",
"text": "Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14299",
"url": "https://www.suse.com/security/cve/CVE-2019-14299"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-20T18:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2019-14299"
},
{
"cve": "CVE-2020-10648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10648"
}
],
"notes": [
{
"category": "general",
"text": "Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently boot arbitrary images by providing a crafted FIT image to a system configured to boot the default configuration.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10648",
"url": "https://www.suse.com/security/cve/CVE-2020-10648"
},
{
"category": "external",
"summary": "SUSE Bug 1167209 for CVE-2020-10648",
"url": "https://bugzilla.suse.com/1167209"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 5:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Enterprise Storage 5:u-boot-tools-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-rpi3-2016.07-12.3.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:u-boot-tools-2016.07-12.3.1.aarch64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-20T18:09:59Z",
"details": "moderate"
}
],
"title": "CVE-2020-10648"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…