y
Medium (5.3) CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
PT-2021-07: GPay payments above NoCVM limits, CryptoATC out of order
Fix date: no patches available
Vector: Local
Systems affected: MasterCard Tokenisation Service (MDES)
Vendor: MasterCard
Notification status: October, 2021- Vendor notification date
Medium (4.9) CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
PT-2021-06: Lack of integrity checks of the MCC field
Fix date: no patches available
Vector: Remote
Systems affected: Visa Tokenisation Service (VTS)
MasterCard Tokenisation Service (MDES)
Vendor: EMVCo, Visa, MasterCard
Notification status: October, 2021- Vendor notification date
Medium (4.1) CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
PT-2021-05: Lack of Amount/CVMResults fields checking for Public Transport Schemes
Fix date: no patches available
Vector: Local
Systems affected: Visa Tokenisation Service (VTS)
MasterCard Tokenisation Service (MDES)
Vendor: EMVCo
Notification status: October, 2021- Vendor notification date
Medium (4.9) CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
PT-2021-04: AAC/ARQC cryptogram confusion
Fix date: no patches available
Vector: Remote
Systems affected: Visa Tokenisation Service (VTS)
MasterCard Tokenisation Service (MDES)
Vendor: Visa Inc, MasterCard Inc.
Notification status: October, 2021- Vendor notification date
Medium (5.3) CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
PT-2021-03: Apple Pay authentication and fields validation issues
Fix date: no patches available
Vector: Local
Systems affected: iOS/iPhone
Vendor: Apple Inc
Notification status: October, 2021- Vendor notification date
High (6.8) CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS
Fix date: no patches available
Vector: Local
Systems affected: RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM)
Vendor: Diebold-Nixdorf
Notification status: July, 2018 - Vendor notification date
High (6.8) CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5
Fix date: no patches available
Vector: Local
Systems affected: CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM)
Vendor: Diebold-Nixdorf
Notification status: July, 2018 - Vendor notification date
High (7,5) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
PT-2020-31: Denial of service in F5 Traffic Management Microkernel (TMM)
Fix date: December 17, 2020
Vector: Remote
Systems affected: Traffic Management Microkernel (TMM)
Vendor: F5 Networks
Notification status: April 30, 2020 - Vendor notification date
December 17, 2020 - Security advisory publication date
High (9,8) CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
PT-2020-30: Multiple code execution in Cisco Integrated Management Controller (CIMC)
Fix date: November 18, 2020
Vector: Remote
Systems affected: Cisco Integrated Management Controller (CIMC)
Vendor: Cisco
Notification status: April 11, 2020 - Vendor notification date
November 18, 2020 - Security advisory publication date
High (9,4) CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
PT-2020-29: Denial of service and potential arbitrary code execution in SonicOS
Fix date: October 12, 2020
Vector: Remote
Systems affected: SonicOS
SonicOSv
Vendor: SonicWall
Notification status: June 26, 2020 - Vendor notification date
October 12, 2020 - Security advisory publication date