EUVD-2026-33313

Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the PIN entry screen. The Infotainment uses presence of Wireless Control Module WCM traffic during its boot window as a...

CVE-2026-34961

barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the ehentries field against buffer capacity in fs/ext4/ext4common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigg...

CVE-2025-59705

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to Escalate Privileges by enabling the USB interface through chassis probe insertion during system boot, aka "Unauthorized Reactivation of the USB interface" or F01...

CVE-2025-59699

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB Bootloader...

SUSE CVE-2025-61661

A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a malicious...

Linux Distros Unpatched Vulnerability : CVE-2025-61661

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader mishandles string conversion when...

CVE-2023-38484

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in...

SAMSUNG SMR 安全漏洞

SAMSUNG SMR is a system patch package from the South Korean company Samsung SAMSUNG. It provides patches for Samsung mobile applications. A security vulnerability exists in SAMSUNG SMR that stems from improper access control and could lead to an active boot attack...

PT-2023-28890

Name of the Vulnerable Software and Affected Versions Zededa affected versions not specified Description The issue arises from a change in the configuration partition measurement from PCR 13 to PCR 14, without updating the list of PCRs used for sealing and unsealing the "vault" key. This makes th...

Moto E20 Readback Vulnerability

09/11/2022 Update: CVE ID CVE-2022-3917 has been reserved, with Lenovo to publish the Advisory Summary. TL;DR The Motorola E20 is an entry-level smartphone that uses a Unisoc system-on-chip. Motorola holds around 10% of the US smartphone market, though the sales of the E20 as a subset of that are...

grub2 authorization issue vulnerability

grub2 is a Linux system boot program from the GNU community. A security vulnerability in versions of grub2 prior to 2.06, where the cutmem command does not support secure boot locking, allows a privileged attacker to remove address ranges from memory, thus giving the opportunity to bypass secure...

PT-2020-3312 · Gnu +8 · Grub2 +8

The vulnerable software is GRUB2, a widely used bootloader for Linux and other operating systems. The affected versions are prior to 2.06. The issue is caused by a buffer overflow in the GRUB2 configuration file, which can be exploited by attackers to gain arbitrary code execution during the boot...

MemGuard - Secure Software Enclave For Storage Of Sensitive Information In Memory

Secure software enclave for storage of sensitive information in memory. This package attempts to reduce the likelihood of sensitive data being exposed. It supports all major operating systems and is written in pure Go. Features Sensitive data is encrypted and authenticated in memory using xSalsa2...

Bug in NVIDIA’s Tegra Chipset Opens Door to Malicious Code Execution

A flaw impacting millions of mobile and internet of things IoT devices running NVIDIA’s Tegra processor opens the door for a variety of attacks, including device hijacking or siphoning of data. The warning comes from researcher Triszka Balázs, who discovered the flaw and asserts that the bug...

New Variants of Cold-Boot Attack

If someone has physical access to your locked -- but still running -- computer, they can probably break the hard drive's encryption. This is a "cold boot" attack, and one we thought solved. We have not: To carry out the attack, the F-Secure researchers first sought a way to defeat the the...

Researchers Heat Up Cold-Boot Attack That Works on All Laptops

A pair of researchers have developed an attack method that can bypass mitigations for cold-boot attacks on laptops. A physical attacker can compromise a laptop that’s in sleep mode, potentially lifting sensitive passwords, encryption keys and other information. The ramifications are, on the...

A Decade-Old Attack Can Break the Encryption of Most PCs

The computer industry thought cold boot hacks were solved 10 years ago. Researchers have proven that's not the case...

New Cold Boot Attack Unlocks Disk Encryption On Nearly All Modern PCs

Security researchers have revealed a new attack to steal passwords, encryption keys and other sensitive information stored on most modern computers, even those with full disk encryption. The attack is a new variation of a traditionalCold Boot Attack , which is around since 2008 and lets attackers...

New Cold Boot Attack Unlocks Disk Encryption On Nearly All Modern PCs

Security researchers have revealed a new attack to steal passwords, encryption keys and other sensitive information stored on most modern computers, even those with full disk encryption. The attack is a new variation of a traditional Cold Boot Attack, which is around since 2008 and lets attackers...

Thunderstrike Patch Slated for Inclusion in New OS X Build

In addition to patching the three Project Zero vulnerabilities disclosed last week, Apple is apparently readying a fix for the Thunderstrike boot attack as well, something that will purportedly rid all Macs running Yosemite of the issue. All of the vulnerabilities have reportedly been fixed in...