Vulnerabilities (CVE)

Filtered by vendor Verifone Subscribe
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-14715 1 Verifone 8 P200, P200 Firmware, P400 and 5 more 2024-02-04 4.6 MEDIUM 6.8 MEDIUM
Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation.
CVE-2019-14711 1 Verifone 2 Mx900, Mx900 Firmware 2024-02-04 4.4 MEDIUM 7.0 HIGH
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass.
CVE-2019-14719 1 Verifone 2 Mx900, Mx900 Firmware 2024-02-04 4.6 MEDIUM 7.8 HIGH
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager.
CVE-2019-14712 1 Verifone 2 Verix Os, Vx520 2024-02-04 4.6 MEDIUM 7.8 HIGH
Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation.
CVE-2019-14716 1 Verifone 2 Verix Os, Vx520 2024-02-04 4.6 MEDIUM 6.6 MEDIUM
Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out).
CVE-2019-14713 1 Verifone 2 Mx900, Mx900 Firmware 2024-02-04 2.1 LOW 5.5 MEDIUM
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages.
CVE-2019-14717 1 Verifone 2 Verix Os, Vx520 2024-02-04 4.6 MEDIUM 7.8 HIGH
Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call.
CVE-2019-14718 1 Verifone 2 Mx900, Mx900 Firmware 2024-02-04 4.6 MEDIUM 6.7 MEDIUM
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.
CVE-2019-10060 1 Verifone 1 Verix Multi-app Conductor 2024-02-04 6.8 MEDIUM 8.1 HIGH
The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability.
CVE-2012-4951 1 Verifone 1 Vericentre Web Console 2024-02-04 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter.