987 Total Results
Displaying 1-10 of 987
Attacker Value
Very High

CVE-2020-15858

Disclosure Date: August 21, 2020 (last updated September 04, 2020)
Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for customer Java applications, TLS and OTAP (Java over-the-air-provisioning) functionality. The affected products and releases are: BGS5 up to and including SW RN 02.000 / ARN 01.001.06; EHSx and PDSx up to and including SW RN 04.003 / ARN 01.000.04; ELS61 up to and including SW RN 02.002 / ARN 01.000.04; ELS81 up to and including SW RN 05.002 / ARN 01.000.04; PLS62 up to and including SW RN 02.000 / ARN 01.000.04.
Attacker Value
Very Low

CVE-2020-10263 - Smart Speaker Root Shell via internal UART

Disclosure Date: April 08, 2020 (last updated June 05, 2020)
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get a root shell by accessing the UART interface, and then they can (i) read the Wi-Fi SSID or password, (ii) read the dialogue text files between users and the XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools to imitate the XIAOMI speaker's voice for social engineering attacks, (iv) eavesdrop on users and record what the XIAOMI XIAOAI speaker Pro LX06 hears, (v) modify system files, (vi) use commands to send any IR code through the IR emitter on the XIAOMI XIAOAI Speaker Pro LX06, (vii) stop the voice assistant service, (viii) enable the XIAOMI XIAOAI Speaker Pro's SSH or TELNET service as a backdoor, (ix) tamper with the configuration of the router in the local area network.
Attacker Value
Unknown

CVE-2021-38398

Disclosure Date: September 30, 2021 (last updated October 14, 2021)
The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. A malicious attacker with physical access to the affected device could exploit these vulnerabilities.
Attacker Value
Unknown

CVE-2021-39237

Disclosure Date: November 03, 2021 (last updated January 10, 2022)
Certain HP LaserJet, HP LaserJet Managed, HP PageWide, and HP PageWide Managed printers may be vulnerable to potential information disclosure.
Attacker Value
Unknown

CVE-2021-30816

Disclosure Date: October 28, 2021 (last updated November 03, 2021)
The issue was addressed with improved permissions logic. This issue is fixed in iOS 15 and iPadOS 15. An attacker with physical access to a device may be able to see private contact information.
Attacker Value
Unknown

CVE-2020-14264

Disclosure Date: October 25, 2021 (last updated October 29, 2021)
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"
Attacker Value
Unknown

CVE-2020-23058

Disclosure Date: October 22, 2021 (last updated October 29, 2021)
An issue in the authentication mechanism in Nong Ge File Explorer v1.4 allows unauthenticated access to sensitive data.
Attacker Value
Unknown

CVE-2021-0703

Disclosure Date: October 22, 2021 (last updated October 27, 2021)
In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-184569329
Attacker Value
Unknown

CVE-2020-14263

Disclosure Date: October 21, 2021 (last updated October 29, 2021)
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"
Attacker Value
Unknown

CVE-2021-42299

Disclosure Date: October 20, 2021 (last updated October 28, 2021)
Microsoft Surface Pro 3 Security Feature Bypass Vulnerability