1736 matches found
CVE-2025-59402
Flock Safety Bravo Edge AI Compute Device BRAVO00.00local20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls...
CVE-2025-59404
Flock Safety Bravo Edge AI Compute Device BRAVO00.00local20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partitions...
grub2: command/gpg: Use-after-free due to hooks not being removed on module unload
A flaw was found in command/gpg. In some scenarios, hooks created by loaded modules are not removed when the related module is unloaded. This flaw allows an attacker to force grub2 to call the hooks once the module that registered it was unloaded, leading to a use-after-free vulnerability. If...
[slackware-security] kernel
New kernel packages are available for Slackware 15.0 to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/kernel-firmware-20250912f0f4634-noarch-1.txz: Upgraded. patches/packages/linux-5.15.193/kernel-generic-5.15.193-i586-1.txz: Upgraded...
PyInstaller has local privilege escalation vulnerability
Impact: Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryption while this entry is still present in sys.path, an application built with...
Linux Distros Unpatched Vulnerability : CVE-2016-6729
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary...
Linux Distros Unpatched Vulnerability : CVE-2016-8467
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An elevation of privilege vulnerability in the bootloader could enable a local attacker to execute arbitrary modem commands on the device. This issue is rated a...
Linux Distros Unpatched Vulnerability : CVE-2016-3850
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain...
Linux Distros Unpatched Vulnerability : CVE-2017-0455
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information disclosure vulnerability in the Qualcomm bootloader could help to enable a local malicious application to execute arbitrary code within the...
CVE-2025-59042 PyInstaller has local privilege escalation vulnerability
PyInstaller bundles a Python application and all its dependencies into a single package. Due to a special entry being appended to sys.path during the bootstrap process of a PyInstaller-frozen application, and due to the bootstrap script attempting to load an optional module for bytecode decryptio...
CVE-2025-59042
CVE-2025-59042 is a PyInstaller-related issue. In PyInstaller builds older than 6.0.0, the bootstrap process appends a special entry to sys.path and may load an optional bytecode-decryption module, enabling an unprivileged attacker to execute arbitrary Python code if they can place a file/dir nex...
PT-2025-36997
Name of the Vulnerable Software and Affected Versions: PyInstaller versions prior to 6.0.0. Description: PyInstaller packages Python applications and their dependencies into a single package. A specially crafted entry appended to sys.path during the bootstrap process of a PyInstaller-frozen...
CVE-2023-31330
An out-of-bounds read in the ASP could allow a privileged attacker with access to a malicious bootloader to potentially read sensitive memory resulting in loss of confidentiality...
CVE-2023-31330
CVE-2023-31330 concerns an out-of-bounds read in the ASP bootloader that could let a privileged attacker with access to a malicious bootloader read sensitive memory, leading to loss of confidentiality. The affected component is the ASP bootloader on AMD Client Processor platforms (ASP/SMM and rel...
CVE-2021-46750
Failure to validate the address and size in TEE (Trusted Execution Environment) may allow a malicious x86 attacker to send malformed messages to the graphics mailbox resulting in an overlap of a TMR (Trusted Memory Region) that was previously allocated by the ASP bootloader leading to a potential los...