14 matches found
EUVD-2026-29347
barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...
CVE-2026-34963 barebox EFI PE Loader Memory Safety Vulnerabilities
barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...
CVE-2026-34963
barebox version prior to 2026.04.0 contains multiple memory-safety vulnerabilities in the EFI PE loader in efi/loader/pe.c where integer overflow in virtual image size computation using 32-bit arithmetic on section VirtualAddress and size values allows undersized heap allocation, and PE section...
CVE-2026-34963
Barebox EFI PE loader (efi/loader/pe.c) contains multiple memory-safety vulnerabilities in versions prior to 2026.04.0: (1) 32-bit arithmetic overflow in virtual image size calculation on section VirtualAddress/size can cause undersized heap allocations, and (2) PE section loading does not valida...
EUVD-2023-25657
Malicious code in bioql PyPI...
CVE-2023-21473
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader...
CVE-2023-21473
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader...
CVE-2023-21473
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader...
CVE-2023-21472
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader...
CVE-2023-21472
CVE-2023-21472 concerns the Exynos Fastboot USB Interface on Samsung Mobile devices prior to SMR Apr-2023 Release 1. The flaw is an improper input validation in the USB bootloader interface, enabling a physical attacker with access to the device to execute arbitrary code in the bootloader. The af...
PT-2025-35666
Name of the Vulnerable Software and Affected Versions: Exynos Fastboot USB Interface versions prior to SMR Apr-2023 Release 1 Description: The Exynos Fastboot USB Interface is susceptible to improper input validation. This allows a physical attacker to execute arbitrary code in the bootloader...
Design/Logic Flaw
In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader...
NVIDIA Jetson TX1 Tegra bootloader local code execution vulnerability
NVIDIA Jetson TX1 is an embedded system development module from NVIDIA. A security vulnerability exists in the nvtboot of the Tegra bootloader in NVIDIA Jetson TX1 L4T R32 versions prior to R32.2, which stems from a failure of the program to first validate the load address when loading the...
CVE-2017-0623
An elevation of privilege vulnerability in the HTC bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18...