Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Verifone Subscribe
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-14719 1 Verifone 2 Mx900, Mx900 Firmware 2021-07-21 4.6 MEDIUM 7.8 HIGH
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager.
CVE-2019-14711 1 Verifone 2 Mx900, Mx900 Firmware 2021-07-21 4.4 MEDIUM 7.0 HIGH
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass.
CVE-2019-14712 1 Verifone 2 Verix Os, Vx520 2020-10-30 4.6 MEDIUM 7.8 HIGH
Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation.
CVE-2019-14715 1 Verifone 8 P200, P200 Firmware, P400 and 5 more 2020-10-30 4.6 MEDIUM 6.8 MEDIUM
Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation.
CVE-2019-14716 1 Verifone 2 Verix Os, Vx520 2020-10-30 4.6 MEDIUM 6.6 MEDIUM
Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out).
CVE-2019-14717 1 Verifone 2 Verix Os, Vx520 2020-10-30 4.6 MEDIUM 7.8 HIGH
Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call.
CVE-2019-14718 1 Verifone 2 Mx900, Mx900 Firmware 2020-10-28 4.6 MEDIUM 6.7 MEDIUM
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.
CVE-2019-14713 1 Verifone 2 Mx900, Mx900 Firmware 2020-10-28 2.1 LOW 5.5 MEDIUM
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages.
CVE-2019-10060 1 Verifone 1 Verix Multi-app Conductor 2019-03-28 6.8 MEDIUM 8.1 HIGH
The Verix Multi-app Conductor application 2.7 for Verifone Verix suffers from a buffer overflow vulnerability that allows attackers to execute arbitrary code via a long configuration key value. An attacker must be able to download files to the device in order to exploit this vulnerability.
CVE-2012-4951 1 Verifone 1 Vericentre Web Console 2017-08-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter.