Lucene search
K

63 matches found

Cvelist
Cvelist
added 2020/10/27 7:50 p.m.26 views

CVE-2019-8799

This issue was resolved by replacing device names with a random identifier. This issue is fixed in iOS 13.1 and iPadOS 13.1, macOS Catalina 10.15, watchOS 6, tvOS 13. An attacker in physical proximity may be able to passively observe device names in AWDL communications...

3.8AI score0.00333EPSS
Exploits0References4
Prion
Prion
added 2019/11/29 10:15 p.m.29 views

Code injection

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...

1.9CVSS6.7AI score0.00576EPSS
Exploits0References5Affected Software3
RedHat Linux
RedHat Linux
added 2019/10/08 10:7 a.m.2 views

hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB)

A flaw was discovered in the Bluetooth protocol. An attacker within physical proximity to the Bluetooth connection could downgrade the encryption protocol to be trivially brute forced...

8.1CVSS7.1AI score0.02691EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2019/08/06 12:47 p.m.4 views

kernel: Heap address information leak while using L2CAP_PARSE_CONF_RSP

A flaw was found in the Linux kernel's implementation of logical link control and adaptation protocol L2CAP, part of the Bluetooth stack in the l2capparseconfrsp and l2capparseconfreq functions. An attacker with physical access within the range of standard Bluetooth transmission can create a...

6.5CVSS7AI score0.01827EPSS
Exploits1References4
ThreatPost
ThreatPost
added 2019/06/03 7:42 p.m.109 views

Tap 'n Ghost Attack Creatively Targets Android Devices

Researchers have created a novel proof-of-concept PoC attack named Tap ‘n Ghost, which targets Near Field Communication NFC-enabled Android smartphones. This allows an attacker to take control of a target phone simply by tricking the victim into placing their handset on a specially crafted surfac...

0.6AI score
Exploits0References4
The Hacker News
The Hacker News
added 2019/05/16 10:55 a.m.2 views

Bluetooth Flaw Found in Google Titan Security Keys; Get Free Replacement

A team of security researchers at Microsoft discovered a potentially serious vulnerability in the Bluetooth-supported version of Google's Titan Security Keys that could not be patched with a software update. However, users do not need to worry as Google has announced to offer a free replacement f...

6.6AI score
Exploits0
Intel
Intel
added 2018/07/23 12:0 a.m.19 views

Bluetooth® pairing vulnerability

Summary: Bluetooth Pairing update. Description: A vulnerability in Bluetooth® pairing potentially allows an attacker with physical proximity within 30 meters to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth®...

6.9AI score
Exploits0
OSV
OSV
added 2018/04/03 6:29 a.m.5 views

CVE-2018-4123

An issue was discovered in certain Apple products. iOS before 11.3 is affected. The issue involves alarm and timer handling in the "Clock" component. It allows physically proximate attackers to discover the iTunes e-mail address...

2.4CVSS5.8AI score0.0038EPSS
Exploits0References3
OSV
OSV
added 2018/04/03 6:29 a.m.2 views

CVE-2017-7065

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. The issue involves the "Wi-Fi" component. It allows remote attackers to execute arbitrary code on the Wi-Fi chip or cause a denial of service memory...

8.8CVSS7.6AI score0.01148EPSS
Exploits2References4
CNVD
CNVD
added 2017/09/22 12:0 a.m.3 views

Multiple Thales nShield Connect Hardware Privilege Access Control Vulnerabilities

Thales nShield Connect hardware models 500 and others are networked HSM Hardware Security Module devices from Thales e-Security, USA. A security vulnerability exists in several models of Thales nShield Connect hardware. An attacker in close physical proximity could exploit this vulnerability to...

6.8CVSS6.7AI score0.00348EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2017/04/05 12:17 p.m.26 views

CVE-2017-7407

The ourWriteOut function in toolwriteout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a...

2.4CVSS2AI score0.00581EPSS
Exploits0References2
OSV
OSV
added 2017/02/20 8:59 a.m.4 views

CVE-2016-7765

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Clipboard" component, which allows physically proximate attackers to obtain sensitive information in the lockscreen state by viewing clipboard contents...

2.4CVSS5.8AI score0.00317EPSS
Exploits0References1
Prion
Prion
added 2016/09/11 9:59 p.m.17 views

Design/Logic Flaw

internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the...

2.1CVSS7AI score0.00175EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2016/08/02 2:59 p.m.3 views

CVE-2016-6257

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system b...

6.5CVSS5.8AI score0.01023EPSS
Exploits0References4
OSV
OSV
added 2016/04/18 12:59 a.m.4 views

UBUNTU-CVE-2016-2421

Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26154410...

6.1CVSS6.7AI score0.00168EPSS
Exploits0References3
OSV
OSV
added 2016/02/07 1:59 a.m.5 views

CVE-2016-0812

The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does not properly check for setup completion, which allows physically proximate attackers to bypass the...

6.1CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2016/02/07 1:59 a.m.3 views

UBUNTU-CVE-2016-0812

The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does not properly check for setup completion, which allows physically proximate attackers to bypass the...

6.1CVSS6.7AI score0.0018EPSS
Exploits0References4
CVE
CVE
added 2015/09/17 4:0 p.m.62 views

CVE-2015-1319

The CVE-2015-1319 issue affects the Unity Settings Daemon in Ubuntu 14.04 LTS and 15.04. It arises because the daemon does not reliably detect when the screen is locked, allowing a physically proximate attacker to mount removable media (e.g., a USB thumb drive) while the session is locked. Affect...

2.1CVSS6.4AI score0.00365EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2013/11/30 11:43 a.m.14 views

Design/Logic Flaw

Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by entering password guesses within multiple Unlock.e...

3.3CVSS7.2AI score0.00207EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2013/09/16 1:1 p.m.25 views

CVE-2013-2891

drivers/hid/hid-steelseries.c in the Human Interface Device HID subsystem in the Linux kernel through 3.11, when CONFIGHIDSTEELSERIES is enabled, allows physically proximate attackers to cause a denial of service heap-based out-of-bounds write via a crafted device...

4.7CVSS6.8AI score0.00333EPSS
Exploits0References2
Rows per page
Query Builder