Filtered by vendor Verifone
Subscribe
Total
10 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-14719 | 1 Verifone | 2 Mx900, Mx900 Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager. | |||||
CVE-2019-14718 | 1 Verifone | 2 Mx900, Mx900 Firmware | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation. | |||||
CVE-2019-14717 | 1 Verifone | 2 Verix Os, Vx520 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call. | |||||
CVE-2019-14716 | 1 Verifone | 2 Verix Os, Vx520 | 2024-11-21 | 4.6 MEDIUM | 6.6 MEDIUM |
Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out). | |||||
CVE-2019-14715 | 1 Verifone | 8 P200, P200 Firmware, P400 and 5 more | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation. | |||||
CVE-2019-14713 | 1 Verifone | 2 Mx900, Mx900 Firmware | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages. | |||||
CVE-2019-14712 | 1 Verifone | 2 Verix Os, Vx520 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation. | |||||
CVE-2019-14711 | 1 Verifone | 2 Mx900, Mx900 Firmware | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass. | |||||
CVE-2019-10060 | 1 Verifone | 1 Verix Multi-app Conductor | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability. | |||||
CVE-2012-4951 | 1 Verifone | 1 Vericentre Web Console | 2024-11-21 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter. |