Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
physical vulnerabilities and exploits
(subscribe to this query)
4.6
CVSSv3
CVE-2022-30730
Improper authorization in Samsung Pass before 1.0.00.33 allows physical malicious users to acess account list without authentication.
Samsung Samsung Pass
6.8
CVSSv3
CVE-2019-14715
Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation.
Verifone P400 Firmware -
Verifone P200 Firmware -
Verifone Vx 820 Firmware -
Verifone Vx 805 Firmware -
NA
CVE-2009-4128
GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate malicious users to conduct brute force attacks and bypass authentication by submitting a password whose length is ...
Gnu Grub 2 1.97
7.8
CVSSv3
CVE-2017-20002
The Debian shadow package prior to 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok...
Debian Shadow 4.4
Debian Debian Linux 9.0
4.3
CVSSv3
CVE-2022-30740
Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical malicious users to guess stored credit card numbers.
Samsung Internet
NA
CVE-2001-0917
Jakarta Tomcat 4.0.1 allows remote malicious users to reveal physical path information by requesting a long URL with a .JSP extension.
Apache Tomcat 4.0.1
4.6
CVSSv3
CVE-2023-30676
Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical malicious users to access data of Samsung Pass.
Samsung Pass
7.5
CVSSv3
CVE-2022-29945
DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol.
Dji Mavic 3 Firmware -
Dji Rc Pro Firmware -
Dji Air 2s Firmware -
Dji Air 2 Firmware -
Dji Mini 2 Firmware -
Dji Mini Se Firmware -
Dji Fpv Firmware -
Dji Fhantom 4 Pro Firmware -
Dji Inspire 2 Firmware -
Dji Zenmuse X7 Firmware -
Dji Zenmuse X5s Firmware -
2.4
CVSSv3
CVE-2022-36857
Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical malicious users to read internal application data.
Google Android 11.0
Samsung Photo Editor
2.4
CVSSv3
CVE-2022-36876
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical malicious users to access account list without authentication.
Samsung Samsung Pass
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »