Vulmon
physical vulnerabilities and exploits
NA
CVE-2023-30704
Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows a physical attacker to access downloaded files in Secret Mode without user authentication.
Samsung Internet
NA
CVE-2023-32480
Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution.
Dell Alienware M15 R7 Firmware
Dell G15 5510 Firmware
Dell G15 5520 Firmware
Dell Inspiron 14 5410 Firmware
Dell Inspiron 14 5418 Firmware
Dell Inspiron 15 5510 Firmware
Dell Inspiron 15 5518 Firmware
Dell Inspiron 16 7620 2-in-1 Firmware
Dell Inspiron 3520 Firmware
Dell Inspiron 5410 Firmware
Dell Inspiron 5420 Firmware
Dell Inspiron 5620 Firmware
Dell Inspiron 7420 Firmware
Dell Inspiron 7510 Firmware
Dell Inspiron 7610 Firmware
Dell Latitude 3320 Firmware
Dell Latitude 3420 Firmware
Dell Latitude 3430 Firmware
Dell Latitude 3520 Firmware
Dell Latitude 3530 Firmware
Dell Precision 5760 Firmware
Dell Precision 5770 Firmware
7.2
CVSSv2
CVE-1999-0334
In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access.
Sun Solaris
Sun SunOS 5.0
4.9
CVSSv2
CVE-2017-15596
An issue exists in Xen 4.4.x up to and including 4.9.x allowing ARM guest OS users to cause a denial of service (prevent physical CPU usage) because of lock mishandling upon detection of an add-to-physmap error.
Xen Xen 4.4.0
Xen Xen 4.4.1
Xen Xen 4.4.4
Xen Xen 4.5.0
Xen Xen 4.5.1
Xen Xen 4.5.2
Xen Xen 4.6.0
Xen Xen 4.7.0
Xen Xen 4.7.2
Xen Xen 4.7.3
Xen Xen 4.8.0
Xen Xen 4.9.0
Xen Xen 4.4.2
Xen Xen 4.5.5
Xen Xen 4.6.2
Xen Xen 4.6.3
Xen Xen 4.8.2
Xen Xen 4.4.3
Xen Xen 4.6.4
Xen Xen 4.6.5
Xen Xen 4.6.6
Xen Xen 4.7.1
4.6
CVSSv2
CVE-2019-10928
A vulnerability has been identified in SCALANCE SC-600 (V2.0). An authenticated attacker with access to port 22/tcp as well as physical access to an affected device may trigger the device to allow execution of arbitrary commands. The security vulnerability could be exploited by a...
Siemens SCALANCE SC-600 Firmware 2.0
2.1
CVSSv2
CVE-2022-1955
Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation.
Opft Session 1.13.0
7.5
CVSSv2
CVE-2014-1543
Multiple heap-based buffer overflows in the navigator.getGamepads function in the Gamepad API in Mozilla Firefox prior to 30.0 allow remote malicious users to execute arbitrary code by using non-contiguous axes with a (1) physical or (2) virtual Gamepad device.
Mozilla Firefox
1.9
CVSSv2
CVE-2022-27841
Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows a physical malicious user to view the screen that was previously running without authentication.
Samsung Samsung Pass
2.1
CVSSv2
CVE-2019-4351
IBM Maximo Anywhere 7.6.4.0 applications could disclose sensitive information to a user with physical access to the device. IBM X-Force ID: 161493.
IBM Maximo Anywhere 7.6.4.0
5
CVSSv2
CVE-2000-0753
The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.
Microsoft Outlook 97
Microsoft Outlook 98
Microsoft Outlook 2000