Vulnerabilities > Verifone
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-23 | CVE-2019-14719 | Unspecified vulnerability in Verifone Mx900 Firmware 30251000 Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager. | 4.6 |
2020-10-23 | CVE-2019-14718 | Incorrect Default Permissions vulnerability in Verifone Mx900 Firmware 30251000 Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation. | 4.6 |
2020-10-23 | CVE-2019-14717 | Classic Buffer Overflow vulnerability in Verifone Verix OS Qt000530 Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call. | 4.6 |
2020-10-23 | CVE-2019-14716 | Unspecified vulnerability in Verifone Verix OS Qt000530 Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out). | 4.6 |
2020-10-23 | CVE-2019-14715 | Out-of-bounds Write vulnerability in Verifone products Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation. | 4.6 |
2020-10-23 | CVE-2019-14713 | Unspecified vulnerability in Verifone Mx900 Firmware 30251000 Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages. | 2.1 |
2020-10-23 | CVE-2019-14712 | Unspecified vulnerability in Verifone Verix OS Qt000530 Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation. | 4.6 |
2020-10-23 | CVE-2019-14711 | Incorrect Authorization vulnerability in Verifone Mx900 Firmware 30251000 Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass. | 4.4 |
2019-03-26 | CVE-2019-10060 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Verifone Verix Multi-App Conductor 2.7 The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. | 6.8 |
2012-11-15 | CVE-2012-4951 | SQL Injection vulnerability in Verifone Vericentre web Console 2.0/2.0.1/2.2 Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter. | 7.5 |