1,622 Total Results
Displaying 151-160 of 1,622
Attacker Value
Unknown

CVE-2023-42135

Disclosure Date: January 15, 2024 (last updated January 20, 2024)
PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this vulnerability.
Attacker Value
Unknown

CVE-2023-42134

Disclosure Date: January 15, 2024 (last updated January 20, 2024)
PAX Android-based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow a signed partition to be overwritten and, subsequently, local code execution via a hidden command. The attacker must have physical USB access to the device in order to exploit this vulnerability.
Attacker Value
Unknown

CVE-2023-4001

Disclosure Date: January 15, 2024 (last updated April 25, 2024)
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.
Attacker Value
Unknown

CVE-2024-22028

Disclosure Date: January 15, 2024 (last updated January 23, 2024)
An insufficient technical documentation issue exists in all firmware versions of the thermal camera TMC series. The user of the affected product is not aware of the internally saved data. By accessing the affected product physically, an attacker may retrieve the internal data.
Attacker Value
Unknown

CVE-2024-0230

Disclosure Date: January 12, 2024 (last updated January 20, 2024)
A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.
Attacker Value
Unknown

CVE-2024-0454

Disclosure Date: January 12, 2024 (last updated January 23, 2024)
The ELAN Match-on-Chip FPR solution has a design fault that creates a risk of valid SID leakage and enumeration with a spoof sensor. This fault allows Windows Hello recognition to be bypassed by cloning a SID, resulting in a broken account identity. Versions lower than 3.0.12011.08009 (Legacy) / 3.3.12011.08103 (ESS) are exposed to this risk on the DELL Inspiron platform.
Attacker Value
Unknown

CVE-2023-50124

Disclosure Date: January 11, 2024 (last updated January 20, 2024)
Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner.
Attacker Value
Unknown

CVE-2023-51751

Disclosure Date: January 11, 2024 (last updated January 23, 2024)
ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. This is fixed in 10.5.7 by preventing the launching of the file explorer in Agent-based Multi-App and Single App Kiosk mode.
Attacker Value
Unknown

CVE-2023-51750

Disclosure Date: January 11, 2024 (last updated January 23, 2024)
ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. NOTE: the vendor's position is "Not vulnerable if the default Windows device profile configuration is used which utilizes modern management with website allow-listing rules."
Attacker Value
Unknown

CVE-2023-40529

Disclosure Date: January 10, 2024 (last updated January 18, 2024)
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information.