20 matches found
EUVD-2020-20536
Malware in sbrugna...
EUVD-2020-20534
Malware in sbrugna...
EUVD-2020-20535
Malware in sbrugna...
CVE-2020-28045
An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in...
CVE-2020-28044
An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions...
CVE-2020-28046
An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution privileges as a normal user MAINAPP can escalate to root privileges by exploiting the setuid installation of the xtables-multi binary and leveraging the ip6tables --modprobe switch...
CVE-2020-28045
An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in...
CVE-2020-28045
An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in...
CVE-2020-28044
An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions...
CVE-2020-28044
An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions...
CVE-2020-28046
An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution privileges as a normal user MAINAPP can escalate to root privileges by exploiting the setuid installation of the xtables-multi binary and leveraging the ip6tables --modprobe switch...
Code injection
An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions...
Code injection
An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution privileges as a normal user MAINAPP can escalate to root privileges by exploiting the setuid installation of the xtables-multi binary and leveraging the ip6tables --modprobe switch...
Code injection
An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in...
CVE-2020-28044
An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions...
CVE-2020-28044
The CVE-2020-28044 entry applies to a PAX Point Of Sale device running ProlinOS up to 2.4.161.8859R. With physical access, an attacker can boot the device into management mode, enable the XCB service, and gain MAINAPP-privileged access to list, read, create, and overwrite files. The description d...
CVE-2020-28045
An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires installed applications and all system binaries to be signed either by the manufacturer or by the Point Of Sale application developer and distributor. The signature is a 2048-byte RSA signature verified in...
CVE-2020-28045
CVE-2020-28045 affects ProlinOS up to 2.4.161.8859R. Root cause: shared libraries are not required to be signed and are not verified, allowing an attacker with local access to load a crafted shared object via LD_PRELOAD, bypassing kernel ELF verification and executing unsigned code. This creates ...
CVE-2020-28046
ProlinOS up to version 2.4.161.8859R is affected. A local attacker with normal user (MAINAPP) privileges can escalate to root by abusing a setuid xtables-multi binary and using the ip6tables --modprobe switch. The connected records confirm the root-cause is the setuid installation and ip6tables m...
CVE-2020-28046
An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution privileges as a normal user MAINAPP can escalate to root privileges by exploiting the setuid installation of the xtables-multi binary and leveraging the ip6tables --modprobe switch...