1778 matches found

The Hacker News
added 2024/01/17 1:51 p.m. · 60 views

PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions

The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code. The STM Cyber R&D team, which reverse engineered the Android-based devices manufactured by the Chinese firm owing to...

7.8 CVSS · 8.7 AI score · 0.00394 EPSS
Exploits 5

BDU FSTEC
added 2024/01/17 12:0 a.m. · 1 views

A vulnerability in the ASP Bootloader component of AMD firmware allows an attacker to disclose sensitive information or cause system failures.

The vulnerability in the ASP Bootloader firmware for AMD processors is caused by a race condition. Exploiting this vulnerability can allow attackers to disclose protected information or cause malfunctions in the system...

5.7 CVSS · 5.9 AI score · 0.00056 EPSS
Exploits 0 · References 3

NVD
added 2024/01/16 8:15 a.m. · 14 views

CVE-2023-52111

Authorization vulnerability in the BootLoader module. Successful exploitation of this vulnerability may affect service integrity...

7.5 CVSS · 7.5 AI score · 0.00054 EPSS
Exploits 0 · References 2

OSV
added 2024/01/16 8:15 a.m. · 2 views

CVE-2023-52111

Authorization vulnerability in the BootLoader module. Successful exploitation of this vulnerability may affect service integrity...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 2

Prion
added 2024/01/16 8:15 a.m. · 13 views

Authorization

Authorization vulnerability in the BootLoader module. Successful exploitation of this vulnerability may affect service integrity...

5 CVSS · 7.2 AI score · 0.00054 EPSS
Exploits 0 · References 2 · Affected Software 2

Vulnrichment
added 2024/01/16 7:55 a.m. · 11 views

CVE-2023-52111

Authorization vulnerability in the BootLoader module. Successful exploitation of this vulnerability may affect service integrity...

6.9 AI score · 0.00054 EPSS
Exploits 0 · References 2

CVE
added 2024/01/16 7:55 a.m. · 37 views

CVE-2023-52111

CVE-2023-52111 concerns an authorization vulnerability in the BootLoader module of Huawei HarmonyOS. The issue is described as affecting the BootLoader component with potential integrity impact; CVSS v3.1 base score 7.5 (High) with Network attack vector, no user interaction required, and no confid...

7.5 CVSS · 7.5 AI score · 0.00054 EPSS
Exploits 0 · References 2 · Affected Software 2

Cvelist
added 2024/01/16 7:55 a.m. · 15 views

CVE-2023-52111

Authorization vulnerability in the BootLoader module. Successful exploitation of this vulnerability may affect service integrity...

7.7 AI score · 0.00054 EPSS
Exploits 0 · References 2

NVD
added 2024/01/15 2:15 p.m. · 16 views

CVE-2023-4818

The PAX A920 device allows the bootloader to be downgraded due to a bug in its version check. The signature is correctly checked and only a bootloader signed by PAX can be used. The attacker must have physical USB access to the device in order to exploit this vulnerability...

7.6 CVSS · 7.3 AI score · 0.0032 EPSS
Exploits 1 · References 4

OSV
added 2024/01/15 2:15 p.m. · 2 views

CVE-2023-4818

The PAX A920 device allows the bootloader to be downgraded due to a bug in its version check. The signature is correctly checked and only a bootloader signed by PAX can be used. The attacker must have physical USB access to the device in order to exploit this vulnerability...

7.6 CVSS · 5.8 AI score · 0.0032 EPSS
Exploits 1 · References 4

Prion
added 2024/01/15 2:15 p.m. · 10 views

Design/Logic Flaw

The PAX A920 device allows the bootloader to be downgraded due to a bug in its version check. The signature is correctly checked and only a bootloader signed by PAX can be used. The attacker must have physical USB access to the device in order to exploit this vulnerability...

4.6 CVSS · 6.8 AI score · 0.0032 EPSS
Exploits 1 · References 4 · Affected Software 1

Vulnrichment
added 2024/01/15 1:28 p.m. · 1 views

CVE-2023-4818

The PAX A920 device allows the bootloader to be downgraded due to a bug in its version check. The signature is correctly checked and only a bootloader signed by PAX can be used. The attacker must have physical USB access to the device in order to exploit this vulnerability...

6.8 AI score · 0.0032 EPSS
Exploits 1 · References 4

CVE
added 2024/01/15 1:28 p.m. · 48 views

CVE-2023-4818

CVE-2023-4818 affects PAX A920 bootloader downgrade due to a bug in the version check. The signature check remains intact and only bootloaders signed by PAX are accepted. Exploitation requires physical USB access to the device. The connected documents confirm the vulnerability and its physical-ac...

7.6 CVSS · 7.3 AI score · 0.0032 EPSS
Exploits 1 · References 4 · Affected Software 1

Cvelist
added 2024/01/15 1:28 p.m. · 12 views

CVE-2023-4818

The PAX A920 device allows the bootloader to be downgraded due to a bug in its version check. The signature is correctly checked and only a bootloader signed by PAX can be used. The attacker must have physical USB access to the device in order to exploit this vulnerability...

7.4 AI score · 0.0032 EPSS
Exploits 1 · References 4

Positive Technologies
added 2024/01/15 12:0 a.m. · 2 views

PT-2024-1564 · Pax · Pax A920

Name of the Vulnerable Software and Affected Versions: PAX A920 device (affected versions not specified)
Description: The issue is related to a bug in the version check of the PAX A920 device's bootloader, allowing it to be downgraded. The device correctly checks the signature and only allows...

7.6 CVSS · 6.6 AI score · 0.0032 EPSS
Exploits 1 · References 17

OSV
added 2024/01/12 11:15 p.m. · 1 views

DEBIAN-CVE-2024-23301

Relax-and-Recover aka ReaR through 2.7 creates a world-readable initrd when using GRUBRESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root...

5.5 CVSS · 5.5 AI score · 0.00092 EPSS
Exploits 1 · References 1

Prion
added 2023/12/13 1:15 a.m. · 19 views

Information disclosure

Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920 allow Information Disclosure in the Bootloader...

2.1 CVSS · 7.1 AI score · 0.00041 EPSS
Exploits 0 · References 1

CVE
added 2023/12/13 12:0 a.m. · 42 views

CVE-2023-43122

CVE-2023-43122 concerns Samsung Mobile Processor and Wearable Processor families (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920) and is described as an Information Disclosure in the Bootloader. The Red Hat entry and PT-Security/PT-2023-28707 corroborate the issue on these Exynos l...

4.8 CVSS · 4.7 AI score · 0.00041 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/12/13 12:0 a.m. · 18 views

CVE-2023-43122

Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920 allow Information Disclosure in the Bootloader...

4.8 CVSS · 5.3 AI score · 0.00041 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/12/12 12:0 a.m. · 3 views

PT-2023-28707 · Samsung · Exynos 1330 +8

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920
Description: The issue allows Information Disclosure in the Bootloader.
Recommendations: At the moment, there is no information abou...

4.8 CVSS · 4.5 AI score · 0.00041 EPSS
Exploits 0 · References 5