483 matches found
CVE-2018-12169
Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypas...
BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack - Lenovo Support US
No description provided...
BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack - US
Lenovo Security Advisory: LEN-20527 Potential Impact: Elevation of privilege Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-9062, CVE-2018-12169 Summary Description: An attacker with unfettered physical access to a system and the skill to disassemble it, may attach a...
CVE-2018-9062 BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code...
F5 Networks BIG-IP : Linux kernel vulnerability (K22012502)
The cpreportfixup function in drivers/hid/hid-cypress.c in the Linux kernel 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service integer underflow or possibly have unspecified other impact via a crafted HID report. CVE-2017-7273 C Tenable Network Security, Inc. The...
CVE-2017-7306
Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance serial number. NOTE: the vendor believes that...
CVE-2016-7638
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Find My iPhone" component, which allows physically proximate attackers to disable this component by bypassing authentication...
MS16-140: Security update for boot manager: November 8, 2016
Resolves a vulnerability in Windows that could allow security feature bypass if a physically-present attacker installs an affected boot policy.SummaryThis security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow a security feature bypass if a physically present...
CVE-2016-3876
providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFEBOOTDISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge adb tool, aka internal bug 29900345...
CVE-2016-3875
server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 does not enforce the DISALLOWSAFEBOOT setting, which allows physically proximate attackers to bypass intended access restrictions and boot to safe mode via unspecified vectors, aka internal bug 26251884...
Design/Logic Flaw
providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFEBOOTDISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge adb tool, aka internal bug 29900345...
CVE-2016-2423
server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection...
Code injection
EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector...
Design/Logic Flaw
Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state...
CVE-2015-7496
GNOME Display Manager gdm before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key...
Code injection
GNOME Display Manager gdm before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key...
CVE-2015-1319
The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a US...
CVE-2015-5084
The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors...
Vulnerability-Riddled Drug Pumps Open to Takeover
One medical device company’s line of drug pumps is so fraught with vulnerabilities that the researcher that discovered the flaws claims the pump is the least secure IP-enabled device he’s ever come across. Certain versions of Hospira’s Lifecare PCA3 Drug Infusion pumps are susceptible to multiple...
Design/Logic Flaw
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow physically proximate attackers to obtain shell access by opening a device's case and connecting a cable to a serial port, aka Cisco-Meraki defect ID 00302077...