Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
physical vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2020-28096
FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART access) to login via the ipc.fos~ password.
Foscammall Foscam X1 Firmware 1.14.2.4
1 Github repository
4.6
CVSSv2
CVE-2019-14715
Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation.
Verifone P400 Firmware -
Verifone P200 Firmware -
Verifone Vx 820 Firmware -
Verifone Vx 805 Firmware -
NA
CVE-2024-20865
Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical malicious users to flash arbitrary images.
7.2
CVSSv2
CVE-2009-4128
GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate malicious users to conduct brute force attacks and bypass authentication by submitting a password whose length is ...
Gnu Grub 2 1.97
NA
CVE-2024-20866
Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical malicious users to skip activation step.
4.6
CVSSv2
CVE-2017-20002
The Debian shadow package prior to 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok...
Debian Shadow 4.4
Debian Debian Linux 9.0
5
CVSSv2
CVE-2001-0917
Jakarta Tomcat 4.0.1 allows remote malicious users to reveal physical path information by requesting a long URL with a .JSP extension.
Apache Tomcat 4.0.1
2.1
CVSSv2
CVE-2022-30740
Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical malicious users to guess stored credit card numbers.
Samsung Internet
NA
CVE-2023-30676
Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical malicious users to access data of Samsung Pass.
Samsung Pass
NA
CVE-2023-42575
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical malicious users to bypass authentication due to invalid flag setting.
Samsung Pass
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »