CVE Tools

paxtechnology

Mobile Appscommercial

14

Cumulative CVEs

3

Monthly snapshots

#105

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting paxtechnology.

CVE-2023-42137PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must ha...7.8Jan 15, 2024
CVE-2023-42136PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting wi...7.8Jan 15, 2024
CVE-2023-42135PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specifi...6.8Jan 15, 2024
CVE-2023-4818PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used. The attacker must have phys...7.6Jan 15, 2024
CVE-2023-42134PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow the signed partition overwrite and subsequently local code execution via hidden command. Th...6.8Jan 15, 2024
CVE-2023-27199PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks.6.7Jul 5, 2023
CVE-2023-27198PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The ...6.8Jul 5, 2023
CVE-2023-27197PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. The attacker...6.7Jul 5, 2023
CVE-2022-26582PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an attacker to gain root access through command injection in systool client. The attacker must have shell access to the devic...7.8Dec 16, 2022
CVE-2022-26581PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The a...6.8Dec 16, 2022
CVE-2022-26580PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service. The attacker must have phy...6.8Dec 16, 2022
CVE-2022-26579PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root priv...6.0Dec 16, 2022
CVE-2020-36124Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by XML External Entity (XXE) injection. An authenticated attacker can compromise the private keys of a JWT token and reuse them t...6.5May 7, 2021
CVE-2020-36125Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control where password revalidation in sensitive operations can be bypassed remotely by an authenticated atta...7.1May 7, 2021
CVE-2020-36126Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. PAXSTORE marketplace endpoints allow an authenticated u...8.1May 7, 2021