Lucene search
+L

483 matches found

NVD
NVD
added 2018/09/21 8:29 p.m.18 views

CVE-2018-12169

Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypas...

7.6CVSS7.3AI score0.00553EPSS
Exploits0References3
Lenovo
Lenovo
added 2018/09/20 8:36 p.m.22 views

BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack - Lenovo Support US

No description provided...

7.2CVSS6.6AI score0.00508EPSS
Exploits0
Lenovo
Lenovo
added 2018/09/20 5:36 p.m.588 views

BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack - US

Lenovo Security Advisory: LEN-20527 Potential Impact: Elevation of privilege Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-9062, CVE-2018-12169 Summary Description: An attacker with unfettered physical access to a system and the skill to disassemble it, may attach a...

1.9AI score0.00553EPSS
Exploits0
Cvelist
Cvelist
added 2018/07/19 7:0 p.m.21 views

CVE-2018-9062 BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code...

6.9AI score0.00508EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/04/25 12:0 a.m.66 views

F5 Networks BIG-IP : Linux kernel vulnerability (K22012502)

The cpreportfixup function in drivers/hid/hid-cypress.c in the Linux kernel 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service integer underflow or possibly have unspecified other impact via a crafted HID report. CVE-2017-7273 C Tenable Network Security, Inc. The...

6.6CVSS7.1AI score0.00454EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/04/04 4:0 p.m.24 views

CVE-2017-7306

Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that...

6.6AI score0.00361EPSS
Exploits1References2
Cvelist
Cvelist
added 2017/02/20 8:35 a.m.20 views

CVE-2016-7638

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Find My iPhone" component, which allows physically proximate attackers to disable this component by bypassing authentication...

3.5AI score0.00398EPSS
Exploits0References3
Microsoft KB
Microsoft KB
added 2016/11/08 12:0 a.m.40 views

MS16-140: Security update for boot manager: November 8, 2016

Resolves a vulnerability in Windows that could allow security feature bypass if a physically-present attacker installs an affected boot policy.SummaryThis security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow a security feature bypass if a physically present...

7.5CVSS7.4AI score0.06199EPSS
Exploits0
NVD
NVD
added 2016/09/11 9:59 p.m.22 views

CVE-2016-3876

providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFEBOOTDISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge adb tool, aka internal bug 29900345...

7.2CVSS6.5AI score0.00203EPSS
Exploits0References4
NVD
NVD
added 2016/09/11 9:59 p.m.22 views

CVE-2016-3875

server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 does not enforce the DISALLOWSAFEBOOT setting, which allows physically proximate attackers to bypass intended access restrictions and boot to safe mode via unspecified vectors, aka internal bug 26251884...

7.2CVSS6.5AI score0.00197EPSS
Exploits0References4
Prion
Prion
added 2016/09/11 9:59 p.m.18 views

Design/Logic Flaw

providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFEBOOTDISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge adb tool, aka internal bug 29900345...

7.2CVSS7AI score0.00203EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2016/04/18 12:0 a.m.23 views

CVE-2016-2423

server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection...

6.2AI score0.0018EPSS
Exploits0References2
Prion
Prion
added 2015/12/23 3:59 a.m.21 views

Code injection

EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector...

7.2CVSS7.1AI score0.00561EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2015/12/11 11:59 a.m.17 views

Design/Logic Flaw

Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state...

2.1CVSS5.7AI score0.00371EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2015/11/24 8:59 p.m.18 views

CVE-2015-7496

GNOME Display Manager gdm before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key...

7.2CVSS5.9AI score0.00406EPSS
Exploits0References1
Prion
Prion
added 2015/11/24 8:59 p.m.11 views

Code injection

GNOME Display Manager gdm before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key...

7.2CVSS6.8AI score0.00406EPSS
Exploits0References6Affected Software2
NVD
NVD
added 2015/09/17 4:59 p.m.18 views

CVE-2015-1319

The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a US...

2.1CVSS6.3AI score0.00365EPSS
Exploits0References2
Cvelist
Cvelist
added 2015/08/03 1:0 a.m.24 views

CVE-2015-5084

The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors...

6.1AI score0.00445EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2015/05/05 2:34 p.m.26 views

Vulnerability-Riddled Drug Pumps Open to Takeover

One medical device company’s line of drug pumps is so fraught with vulnerabilities that the researcher that discovered the flaws claims the pump is the least secure IP-enabled device he’s ever come across. Certain versions of Hospira’s Lifecare PCA3 Drug Infusion pumps are susceptible to multiple...

10CVSS0.3AI score0.05162EPSS
Exploits0References6
Prion
Prion
added 2014/12/24 12:59 a.m.12 views

Design/Logic Flaw

Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow physically proximate attackers to obtain shell access by opening a device's case and connecting a cable to a serial port, aka Cisco-Meraki defect ID 00302077...

7.2CVSS7.2AI score0.00339EPSS
Exploits0References2Affected Software3
Rows per page
Query Builder