Show filters
1,496 Total Results
Displaying 21-30 of 1,496
Sort by:
Attacker Value
Unknown

CVE-2023-6482

Disclosure Date: January 27, 2024 (last updated February 01, 2024)
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database.
Attacker Value
Unknown

CVE-2023-6044

Disclosure Date: January 19, 2024 (last updated January 27, 2024)
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges.
Attacker Value
Unknown

CVE-2023-49515

Disclosure Date: January 17, 2024 (last updated January 25, 2024)
Insecure Permissiosn vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components.
Attacker Value
Unknown

CVE-2023-4818

Disclosure Date: January 15, 2024 (last updated January 20, 2024)
PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used.  The attacker must have physical USB access to the device in order to exploit this vulnerability.
Attacker Value
Unknown

CVE-2023-42135

Disclosure Date: January 15, 2024 (last updated January 20, 2024)
PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this vulnerability.
Attacker Value
Unknown

CVE-2023-42134

Disclosure Date: January 15, 2024 (last updated January 20, 2024)
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command. The attacker must have physical USB access to the device in order to exploit this vulnerability.
Attacker Value
Unknown

CVE-2023-4001

Disclosure Date: January 15, 2024 (last updated January 25, 2024)
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.
Attacker Value
Unknown

CVE-2024-22028

Disclosure Date: January 15, 2024 (last updated January 23, 2024)
Insufficient technical documentation issue exists in thermal camera TMC series all firmware versions. The user of the affected product is not aware of the internally saved data. By accessing the affected product physically, an attacker may retrieve the internal data.
Attacker Value
Unknown

CVE-2024-0230

Disclosure Date: January 12, 2024 (last updated January 20, 2024)
A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.
Attacker Value
Unknown

CVE-2024-0454

Disclosure Date: January 12, 2024 (last updated January 23, 2024)
ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity. Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.