Attacker Value
Unknown

CVE-2021-30815

Disclosure Date: October 19, 2021 (last updated October 21, 2021)
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to view contacts from the lock screen.
Attacker Value
Unknown

CVE-2021-42055

Disclosure Date: October 18, 2021 (last updated October 23, 2021)
ASUSTek ZenBook Pro Duo 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker.
Attacker Value
Unknown

CVE-2021-20121

Disclosure Date: October 11, 2021 (last updated October 19, 2021)
The Telus Wi-Fi Hub (PRV65B444A-S-TS) with firmware version 3.00.20 is vulnerable to an authenticated arbitrary file read. An authenticated user with physical access to the device can read arbitrary files from the device by preparing and connecting a specially prepared USB drive to the device, and making a series of crafted requests to the device's web interface.
Attacker Value
Unknown

CVE-2021-34757

Disclosure Date: October 06, 2021 (last updated October 15, 2021)
Multiple vulnerabilities in Cisco Business 220 Series Smart Switches firmware could allow an attacker with Administrator privileges to access sensitive login credentials or reconfigure the passwords on the user account. For more information about these vulnerabilities, see the Details section of this advisory.
Attacker Value
Unknown

CVE-2021-28702

Disclosure Date: October 06, 2021 (last updated October 16, 2021)
PCI devices with RMRRs not deassigned correctly. Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used for platform tasks such as legacy USB emulation. If such a device is passed through to a guest, then on guest shutdown the device is not properly deassigned. The IOMMU configuration for these devices which are not properly deassigned ends up pointing to a freed data structure, including the IO Pagetables. Subsequent DMA or interrupts from the device will have unpredictable behaviour, ranging from IOMMU faults to memory corruption.
Attacker Value
Unknown

CVE-2021-41094

Disclosure Date: October 04, 2021 (last updated October 13, 2021)
Wire is an open source secure messenger. Users of Wire by Bund may bypass the mandatory encryption at rest feature by simply disabling their device passcode. Upon launching, the app will attempt to enable encryption at rest by generating encryption keys via the Secure Enclave; however, it will fail silently if no device passcode is set. The user has no indication that encryption at rest is not active since the feature is hidden from them. This issue has been resolved in version 3.70.
Attacker Value
Unknown

CVE-2021-39899

Disclosure Date: October 04, 2021 (last updated October 13, 2021)
In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function. There is a rate limit in place, but the attack may still be conducted by stealing the session id from the physical compromise of the account and splitting the attack over several IP addresses and passing in the compromised session value from these various locations.
Attacker Value
Unknown

CVE-2021-38396

Disclosure Date: September 30, 2021 (last updated October 14, 2021)
The programmer installation utility does not perform cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthorized software using a specially crafted USB.
Attacker Value
Unknown

CVE-2021-38392

Disclosure Date: September 30, 2021 (last updated October 14, 2021)
A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program an implantable device in any region in the world.
Attacker Value
Unknown

CVE-2021-38394

Disclosure Date: September 30, 2021 (last updated October 14, 2021)
An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted.