|
198171
|
6.5 |
MEDIUM
Network
|
paxtechnology
|
paxstore
|
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE) injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them to …
|
CWE-611
XXE
|
CVE-2020-36124
|
2024-11-21 14:28 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198172
|
8.2 |
HIGH
Network
|
paxtechnology
|
paxstore
|
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by a token spoofing vulnerability. Each payment terminal has a session token (called X-Terminal-Token) to access the marketplace. T…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2020-36128
|
2024-11-21 14:28 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198173
|
6.5 |
MEDIUM
Network
|
paxtechnology
|
paxstore
|
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the c…
|
CWE-295
Improper Certificate Validation
|
CVE-2020-36127
|
2024-11-21 14:28 |
2021-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198174
|
9.8 |
CRITICAL
Network
|
librewireless
|
ls9_firmware
|
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. D…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35758
|
2024-11-21 14:28 |
2021-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198175
|
9.8 |
CRITICAL
Network
|
librewireless
|
ls9_firmware
|
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB Access Over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35757
|
2024-11-21 14:28 |
2021-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198176
|
7.5 |
HIGH
Network
|
librewireless
|
ls9_firmware
|
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service GETPASS Configuration Password Information Leak. The luci_service daemon running on port 7777 does not requi…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35756
|
2024-11-21 14:28 |
2021-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198177
|
7.5 |
HIGH
Network
|
librewireless
|
ls9_firmware
|
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service deamon running on port 7777 provides a sub-cate…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-35755
|
2024-11-21 14:28 |
2021-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198178
|
7.8 |
HIGH
Local
|
gpac
|
gpac
|
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-35982
|
2024-11-21 14:28 |
2021-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198179
|
7.8 |
HIGH
Local
|
gpac
|
gpac
|
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.
|
CWE-476
NULL Pointer Dereference
|
CVE-2020-35981
|
2024-11-21 14:28 |
2021-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198180
|
7.8 |
HIGH
Local
|
gpac
|
gpac
|
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.
|
CWE-416
Use After Free
|
CVE-2020-35980
|
2024-11-21 14:28 |
2021-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
