Lucene search
+L

81 matches found

RedhatCVE
RedhatCVE
added 2025/05/21 8:50 p.m.12 views

CVE-2005-4788

resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass access control rules for USB devices via "alternate syntax for specifying USB devices."...

2.1CVSS6.8AI score0.00384EPSS
Exploits0References1
CVE
CVE
added 2025/02/13 12:0 a.m.89 views

CVE-2023-34406

CVE-2023-34406 affects Mercedes‑Benz NTG 6 head units. The issue is an integer overflow in the UserData import/export function of NTG 6. Exploitation requires local access via USB; with prepared data, a attacker can crash the User-Data service, after which the service restarts automatically. The ...

3.3CVSS6.8AI score0.00217EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/01/17 12:0 a.m.11 views

PT-2025-1199 · Mercedes Benz · Ntg 6

Name of the Vulnerable Software and Affected Versions: Mercedes Benz NTG New Telematics Generation 6 Description: A possible type confusion exists in the user data import/export function of NTG 6 head units. To perform this attack, local access to the USB interface of the car is needed. With...

4.9CVSS7.6AI score0.00327EPSS
Exploits0References12
CNNVD
CNNVD
added 2024/12/16 12:0 a.m.3 views

FabulaTech USB over Network 安全漏洞

FabulaTech USB over Network is a software solution from FabulaTech that allows you to access remote USB devices over a TCP/IP network or the Internet. A security vulnerability exists in FabulaTech USB over Network version 6.0.6.1, which stems from a function 0x22040C in the ftusbbus2.sys library ...

6.8CVSS5.6AI score0.00376EPSS
Exploits1References4
NVD
NVD
added 2024/11/13 6:15 p.m.20 views

CVE-2024-43085

In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed f...

7.8CVSS0.00112EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/13 5:25 p.m.21 views

CVE-2024-43085

In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed f...

0.00112EPSS
Exploits0References2
NVD
NVD
added 2024/11/07 9:15 p.m.14 views

CVE-2019-20469

An issue was discovered on One2Track 2019-12-08 devices. Confidential information is needlessly stored on the smartwatch. Audio files are stored in .amr format, in the audior directory. An attacker who has physical access can retrieve all audio files by connecting via a USB cable...

4.6CVSS0.00319EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/14 12:0 a.m.3 views

PT-2024-3920 · Microsoft · Windows Mobile Broadband Driver +1

Name of the Vulnerable Software and Affected Versions: Windows Mobile Broadband Driver versions prior to Server 2022 23H2 Description: The issue is related to an integer overflow in the Windows Mobile Broadband Driver, which can be exploited by connecting a malicious USB device, allowing remote...

7.2CVSS8.1AI score0.00932EPSS
Exploits0References8
The Hacker News
The Hacker News
added 2024/01/17 1:51 p.m.63 views

PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions

The point-of-sale PoS terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code. The STM Cyber R&D team, which reverse engineered the Android-based devices manufactured by the Chinese firm owing to...

7.8CVSS8.7AI score0.00663EPSS
Exploits5
OSV
OSV
added 2024/01/15 2:15 p.m.3 views

CVE-2023-4818

PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used. The attacker must have physical USB access to the device in order to exploit this vulnerability...

7.6CVSS5.8AI score0.00663EPSS
Exploits1References4
OSV
OSV
added 2024/01/15 2:15 p.m.3 views

CVE-2023-42135

PAX A920Pro/A50 devices with PayDroid8.1.0SagittariusV11.1.5020230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this...

6.8CVSS6.2AI score0.00663EPSS
Exploits2References4
OSV
OSV
added 2024/01/15 2:15 p.m.3 views

CVE-2023-42134

PAX Android based POS devices with PayDroid8.1.0SagittariusV11.1.4520230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command. The attacker must have physical USB access to the device in order to exploit this vulnerability...

6.8CVSS6.2AI score0.00663EPSS
Exploits2References4
NVD
NVD
added 2024/01/15 2:15 p.m.25 views

CVE-2023-42135

PAX A920Pro/A50 devices with PayDroid8.1.0SagittariusV11.1.5020230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this...

6.8CVSS6.8AI score0.00591EPSS
Exploits1References4
NVD
NVD
added 2024/01/15 2:15 p.m.21 views

CVE-2023-42134

PAX Android based POS devices with PayDroid8.1.0SagittariusV11.1.4520230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command. The attacker must have physical USB access to the device in order to exploit this vulnerability...

6.8CVSS6.7AI score0.00557EPSS
Exploits1References4
Prion
Prion
added 2024/01/15 2:15 p.m.12 views

Design/Logic Flaw

PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used. The attacker must have physical USB access to the device in order to exploit this vulnerability...

4.6CVSS6.8AI score0.00663EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2024/01/15 2:15 p.m.15 views

Design/Logic Flaw

PAX Android based POS devices with PayDroid8.1.0SagittariusV11.1.4520230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command. The attacker must have physical USB access to the device in order to exploit this vulnerability...

4.6CVSS7.3AI score0.00663EPSS
Exploits2References4Affected Software1
Cvelist
Cvelist
added 2024/01/15 1:28 p.m.30 views

CVE-2023-42135

PAX A920Pro/A50 devices with PayDroid8.1.0SagittariusV11.1.5020230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this...

6.8CVSS7AI score0.00591EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/01/15 1:28 p.m.2 views

CVE-2023-4818

PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used. The attacker must have physical USB access to the device in order to exploit this vulnerability...

6.8AI score0.00663EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/01/15 12:0 a.m.9 views

PT-2024-1567 · Pax · Paydroid

Name of the Vulnerable Software and Affected Versions: PAX A920Pro/A50 devices with PayDroid versions 8.1.0 Sagittarius V11.1.50 20230614 or earlier Description: The issue exists due to insufficient input validation in the PayDroid operating system, allowing an attacker to execute arbitrary code...

7.6CVSS7.5AI score0.00663EPSS
Exploits2References15
NVD
NVD
added 2023/12/21 1:15 a.m.26 views

CVE-2023-29486

An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component. NOTE: Heimdal argues that the limitation described here is a...

9.8CVSS0.0103EPSS
Exploits1References1
Rows per page
Query Builder