CVE-2013-2047

The login page aka index.php in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password...

CVE-2014-1257

CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation...

Geolocation OSINT Tool Creepy

Geolocation OSINT Tool Creepy Creepy is a geolocation OSINT tool. Gathers geolocation related information from online sources, and allows for presentation on map, search filtering based on exact location and/or date, export in csv format or kml for further analysis in Google Maps. What’s new in...

CVE-2013-5636

Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by overwriting DVREM.EPM with a copy of...

Design/Logic Flaw

Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by entering password guesses within multiple Unlock.e...

CVE-2013-5635

Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by entering password guesses within multiple Unlock.e...

xorg-x11-server security and bug fix update

1.13.0-23 - Fix root window damage reports when Xinerama is active 919165 1.13.0-22 - Fix Xephyr crashes in 8 and 16 bit mode 1018405 1.13.0-21 - Fix Damage reports when Xinerama is active 919165 1.13.0-20 - Fix broken Xorg -configure 1016854 - CVE-2013-1940: Fix xf86FlushInput to drain evdev...

USN-2019-1: Linux kernel (Quantal HWE) vulnerabilities

An information leak was discovered in the handling of ICMPv6 Router Advertisement RA messages in the Linux kernel's IPv6 network stack. A remote attacker could exploit this flaw to cause a denial of service excessive retries and address-generation outage, and consequently obtain sensitive...

Design/Logic Flaw

Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a sleep operation...

CVE-2013-5169

CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen...

Design/Logic Flaw

Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors...

DEBIAN-CVE-2013-2899

drivers/hid/hid-picolcdcore.c in the Human Interface Device HID subsystem in the Linux kernel through 3.11, when CONFIGHIDPICOLCD is enabled, allows physically proximate attackers to cause a denial of service NULL pointer dereference and OOPS via a crafted device...

DEBIAN-CVE-2013-2898

drivers/hid/hid-sensor-hub.c in the Human Interface Device HID subsystem in the Linux kernel through 3.11, when CONFIGHIDSENSORHUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device...

CVE-2013-2891

drivers/hid/hid-steelseries.c in the Human Interface Device HID subsystem in the Linux kernel through 3.11, when CONFIGHIDSTEELSERIES is enabled, allows physically proximate attackers to cause a denial of service heap-based out-of-bounds write via a crafted device...

CVE-2013-2798

Schweitzer Engineering Laboratories SEL SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service infinite loop via crafted input over a serial line...

Cross site request forgery (csrf)

BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses weak permissions for a BlackBerry Protect object, which allows physically proximate attackers to bypass intended access restrictions by leveraging a user's BlackBerry Protect password-reset request and a user's installation of...

Authentication flaw

The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypass cookie-based authentication by leveraging an unattended workstation...

CVE-2013-0931

EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not enforce the Quick PIN Unlock timeout feature, which allows physically proximate attackers to bypass the passcode requirement for a screensaved session by entering a PIN after timeout expiration...

CVE-2013-0963

Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID...

Design/Logic Flaw

The Anti-theft service in AVG AntiVirus for Android allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."...