Lucene search

11 matches found

EUVD
added 2026/05/12 12:31 a.m., 5 views

EUVD-2026-29347

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...

CVSS 8.6 | AI score 6.3 | EPSS 0.00019
Exploits: 0 | References: 4
Vulnrichment
added 2026/05/11 10:17 p.m., 5 views

CVE-2026-34963 barebox EFI PE Loader Memory Safety Vulnerabilities

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...

CVSS 8.6 | AI score 6.3 | EPSS 0.00019
Exploits: 0 | References: 3
ATTACKERKB
added 2026/05/11 10:17 p.m., 4 views

CVE-2026-34963

barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...

CVSS 8.6 | AI score 6.3 | EPSS 0.00019
Exploits: 0 | References: 4
CVE
added 2026/05/11 10:17 p.m., 13 views

CVE-2026-34963

Barebox EFI PE loader (efi/loader/pe.c) contains multiple memory-safety vulnerabilities in versions prior to 2026.04.0: (1) 32-bit arithmetic overflow in virtual image size calculation on section VirtualAddress/size can cause undersized heap allocations, and (2) PE section loading does not valida...

CVSS 8.6 | AI score 6.3 | EPSS 0.00019
Exploits: 0 | References: 3 | Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-25657

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.7 | EPSS 0.0021
Exploits: 0 | References: 1
Vulnrichment
added 2025/09/03 5:17 a.m., 1 views

CVE-2023-21473

Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader...

CVSS 6.8 | AI score 6.8 | EPSS 0.00045
Exploits: 0 | References: 1
Vulnrichment
added 2025/09/03 5:17 a.m., 3 views

CVE-2023-21472

Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader...

CVSS 6.8 | AI score 6.8 | EPSS 0.00045
Exploits: 0 | References: 1
CVE
added 2025/09/03 5:17 a.m., 16 views

CVE-2023-21472

CVE-2023-21472 concerns the Exynos Fastboot USB Interface on Samsung Mobile devices prior to SMR Apr-2023 Release 1. The flaw is an improper input validation in the USB bootloader interface, enabling a physical attacker with access to the device to execute arbitrary code in the bootloader. The af...

CVSS 6.8 | AI score 6.8 | EPSS 0.00045
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2025/09/03 12:0 a.m., 2 views

PT-2025-35666

Name of the Vulnerable Software and Affected Versions: Exynos Fastboot USB Interface versions prior to SMR Apr-2023 Release 1 Description: The Exynos Fastboot USB Interface is susceptible to improper input validation. This allows a physical attacker to execute arbitrary code in the bootloader...

CVSS 6.8 | AI score 6.9 | EPSS 0.00045
Exploits: 0 | References: 4
CNVD
added 2019/07/23 12:0 a.m., 3 views

NVIDIA Jetson TX1 Tegra bootloader local code execution vulnerability

NVIDIA Jetson TX1 is an embedded system development module from NVIDIA. A security vulnerability exists in the nvtboot of the Tegra bootloader in NVIDIA Jetson TX1 L4T R32 versions prior to R32.2, which stems from a failure of the program to first validate the load address when loading the...

CVSS 6.7 | AI score 7.7 | EPSS 0.00071
Exploits: 0 | References: 1
OSV
added 2017/05/12 3:29 p.m., 2 views

CVE-2017-0623

An elevation of privilege vulnerability in the HTC bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18...

CVSS 7 | AI score 6.1 | EPSS 0.00174
Exploits: 0 | References: 2