|
198001
|
8.1 |
HIGH
Network
|
paxtechnology
|
paxstore
|
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. PAXSTORE marketplace endpoints allow an authenticated use…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2020-36126
|
2024-11-21 14:28 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198002
|
7.1 |
HIGH
Network
|
paxtechnology
|
paxstore
|
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated attack…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-36125
|
2024-11-21 14:28 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198003
|
6.5 |
MEDIUM
Network
|
paxtechnology
|
paxstore
|
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE) injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them to …
|
CWE-611
XXE
|
CVE-2020-36124
|
2024-11-21 14:28 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198004
|
8.2 |
HIGH
Network
|
paxtechnology
|
paxstore
|
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token (called X-Terminal-Token) to access the marketplace. T…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-36128
|
2024-11-21 14:28 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198005
|
6.5 |
MEDIUM
Network
|
paxtechnology
|
paxstore
|
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the c…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-36127
|
2024-11-21 14:28 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198006
|
9.8 |
CRITICAL
Network
|
librewireless
|
ls9_firmware
|
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. D…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35758
|
2024-11-21 14:28 |
2021-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198007
|
9.8 |
CRITICAL
Network
|
librewireless
|
ls9_firmware
|
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB Access Over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35757
|
2024-11-21 14:28 |
2021-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198008
|
7.5 |
HIGH
Network
|
librewireless
|
ls9_firmware
|
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service GETPASS Configuration Password Information Leak. The luci_service daemon running on port 7777 does not requi…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35756
|
2024-11-21 14:28 |
2021-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198009
|
7.5 |
HIGH
Network
|
librewireless
|
ls9_firmware
|
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service deamon running on port 7777 provides a sub-cate…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35755
|
2024-11-21 14:28 |
2021-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198010
|
7.8 |
HIGH
Local
|
gpac
|
gpac
|
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-35982
|
2024-11-21 14:28 |
2021-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
