
106 matches found

Vulnrichment
added 2026/03/20 10:51 p.m. | 2 views

CVE-2026-33243 barebox: FIT Signature Verification Bypass Vulnerability

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

CVSS 8.2 | AI score 5.8 | EPSS 0.00108
Exploits: 0 | References: 2
CVE
added 2026/03/20 10:51 p.m. | 18 views

CVE-2026-33243

Barebox contains a vulnerability in the FIT signing flow: during mkimage, the hashed-nodes property of the FIT signature node is computed, but the hashed-nodes value is not itself protected by the hash. An attacker can modify hashed-nodes to influence which nodes were reported as hashed, potentia...

CVSS 8.2 | AI score 5.8 | EPSS 0.00108
Exploits: 0 | References: 2 | Affected Software: 2
ATTACKERKB
added 2026/03/20 10:51 p.m. | 3 views

CVE-2026-33243

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

CVSS 8.2 | AI score 5.8 | EPSS 0.00108
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2026/03/20 10:51 p.m. | 21 views

CVE-2026-33243 barebox: FIT Signature Verification Bypass Vulnerability

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

CVSS 8.2 | EPSS 0.00108
Exploits: 0 | References: 2
EUVD
added 2026/03/20 10:51 p.m. | 6 views

EUVD-2026-13893

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2025.09.3 and from version 2025.10.0 to before version 2026.03.1, when creating a FIT, mkimage1 sets the hashed-nodes property of the FIT signature node to list which nodes of the FIT were hashed as part of the signing...

CVSS 8.2 | AI score 5.8 | EPSS 0.00108
Exploits: 0 | References: 2
Debian CVE
added 2026/03/20 10:51 p.m. | 4 views

CVE-2026-33243

Removed by vendor...

CVSS 8.2 | AI score 5.8 | EPSS 0.00108
Exploits: 0
OSV
added 2026/03/20 10:51 p.m. | 5 views

CVE-2026-33243 barebox: FIT Signature Verification Bypass Vulnerability

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

CVSS 8.2 | AI score 5.8 | EPSS 0.00108
Exploits: 0 | References: 4
AlpineLinux
added 2026/03/20 10:51 p.m. | 3 views

CVE-2026-33243

barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT signature verification vulnerability to trick the bootloader into booting different images than those that were verified as part of a...

CVSS 8.2 | AI score 5.8 | EPSS 0.00108
Exploits: 0 | References: 2
CNNVD
added 2026/03/20 12:00 a.m. | 10 views

Barebox Data Forgery Vulnerability

Barebox is a versatile and flexible bootloader developed by Barebox Open Source. Versions of Barebox before 2025.09.3 and 2026.03.1 contained a data manipulation vulnerability. This vulnerability stemmed from the fact that the hashed-nodes attribute set by mkimage during the creation of FIT was n...

CVSS 8.2 | AI score 5.7 | EPSS 0.00108
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/20 12:00 a.m. | 5 views

PT-2026-26702

Name of the Vulnerable Software and Affected Versions: barebox versions 2016.03.0 through 2025.09.2; barebox versions 2025.10.0 through 2026.03.0. Description: barebox is a bootloader. When creating a FIT Firmware Image Table, the mkimage1 function sets the hashed-nodes property of the FIT signature...

CVSS 8.2 | AI score 5.8 | EPSS 0.00108
Exploits: 0 | References: 12
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-6117

Malware in sbrugna...

CVSS 9.1 | AI score 9 | EPSS 0.01225
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2019-6839

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.02095
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2019-6840

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.02095
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2021-24326

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.01538
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2021-24327

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.01538
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2025-4755

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 8 | EPSS 0.00275
Exploits: 0 | References: 3
RedhatCVE
added 2025/05/22 8:07 p.m. | 9 views

CVE-2021-37847

crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification...

CVSS 7.5 | AI score 6.7 | EPSS 0.01538
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 6:41 p.m. | 8 views

CVE-2021-37848

common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison...

CVSS 7.5 | AI score 6.7 | EPSS 0.01538
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 4:18 p.m. | 6 views

CVE-2020-13910

Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfsreadreply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check...

CVSS 9.1 | AI score 6.9 | EPSS 0.01225
Exploits: 0
RedhatCVE
added 2025/05/22 8:20 a.m. | 6 views

CVE-2019-15937

Pengutronix barebox through 2019.08.1 has a remote buffer overflow in nfsreadlinkreply in net/nfs.c because a length field is directly used for a memcpy...

CVSS 9.8 | AI score 7.6 | EPSS 0.02095
Exploits: 0 | References: 1