Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
physical vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2022-30730
Improper authorization in Samsung Pass before 1.0.00.33 allows physical malicious users to acess account list without authentication.
Samsung Samsung Pass
7.2
CVSSv2
CVE-2009-4128
GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted portion of a password with the actual password, which makes it easier for physically proximate malicious users to conduct brute force attacks and bypass authentication by submitting a password whose length is ...
Gnu Grub 2 1.97
4.6
CVSSv2
CVE-2019-14715
Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation.
Verifone P400 Firmware -
Verifone P200 Firmware -
Verifone Vx 820 Firmware -
Verifone Vx 805 Firmware -
NA
CVE-2024-20865
Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical malicious users to flash arbitrary images.
NA
CVE-2024-20866
Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical malicious users to skip activation step.
5
CVSSv2
CVE-2001-0917
Jakarta Tomcat 4.0.1 allows remote malicious users to reveal physical path information by requesting a long URL with a .JSP extension.
Apache Tomcat 4.0.1
NA
CVE-2023-30676
Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical malicious users to access data of Samsung Pass.
Samsung Pass
2.1
CVSSv2
CVE-2022-30740
Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical malicious users to guess stored credit card numbers.
Samsung Internet
4.6
CVSSv2
CVE-2017-20002
The Debian shadow package prior to 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok...
Debian Shadow 4.4
Debian Debian Linux 9.0
NA
CVE-2022-36857
Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical malicious users to read internal application data.
Google Android 11.0
Samsung Photo Editor
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »