Attacker Value
Very High

CVE-2020-15858

Disclosure Date: August 21, 2020 (last updated September 04, 2020)
Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. The directory path access check of the internal flash file system can be circumvented. This flash file system can store application-specific data and data needed for customer Java applications, TLS and OTAP (Java over-the-air-provisioning) functionality. The affected products and releases are: BGS5 up to and including SW RN 02.000 / ARN 01.001.06; EHSx and PDSx up to and including SW RN 04.003 / ARN 01.000.04; ELS61 up to and including SW RN 02.002 / ARN 01.000.04; ELS81 up to and including SW RN 05.002 / ARN 01.000.04; PLS62 up to and including SW RN 02.000 / ARN 01.000.04.
Attacker Value
Very Low

CVE-2020-10263 - Smart Speaker Root Shell via internal UART

Disclosure Date: April 08, 2020 (last updated June 05, 2020)
An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get a root shell by accessing the UART interface, and then they can (i) read the Wi-Fi SSID or password, (ii) read the dialogue text files between users and the XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools to imitate the XIAOMI speaker's voice for social engineering attacks, (iv) eavesdrop on users and record what the XIAOMI XIAOAI speaker Pro LX06 hears, (v) modify system files, (vi) use commands to send any IR code through the IR emitter on the XIAOMI XIAOAI Speaker Pro LX06, (vii) stop the voice assistant service, (viii) enable the XIAOMI XIAOAI Speaker Pro's SSH or TELNET service as a backdoor, (ix) tamper with the configuration of the router in the local area network.
Attacker Value
Unknown

CVE-2021-38398

Disclosure Date: September 30, 2021 (last updated October 14, 2021)
The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. A malicious attacker with physical access to the affected device could exploit these vulnerabilities.
Attacker Value
Unknown

CVE-2022-43096

Disclosure Date: November 17, 2022 (last updated November 22, 2022)
Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port.
Attacker Value
Unknown

CVE-2022-20826

Disclosure Date: November 15, 2022 (last updated November 19, 2022)
A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device to bypass the secure boot functionality. This vulnerability is due to a logic error in the boot process. An attacker could exploit this vulnerability by injecting malicious code into a specific memory location during the boot process of an affected device. A successful exploit could allow the attacker to execute persistent code at boot time and break the chain of trust.
Attacker Value
Unknown

CVE-2022-3903

Disclosure Date: November 14, 2022 (last updated November 18, 2022)
An incorrect read request flaw was found in the Infrared Transceiver USB driver in the Linux kernel. This issue occurs when a user attaches a malicious USB device. A local user could use this flaw to starve the resources, causing denial of service or potentially crashing the system.
Attacker Value
Unknown

CVE-2022-28611

Disclosure Date: November 11, 2022 (last updated November 17, 2022)
Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access.
Attacker Value
Unknown

CVE-2022-26045

Disclosure Date: November 11, 2022 (last updated November 17, 2022)
Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access.
Attacker Value
Unknown

CVE-2022-27874

Disclosure Date: November 11, 2022 (last updated November 17, 2022)
Improper authentication in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access.
Attacker Value
Unknown

CVE-2022-41099

Disclosure Date: November 09, 2022 (last updated November 15, 2022)
BitLocker Security Feature Bypass Vulnerability.