Monthly Archive: September 2020

Bitcoin Core 0.20.0 allows remote denial of service. Date published : 2020-09-10 https://security.gentoo.org/glsa/202009-18 https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198

Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to...

A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the...

A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel...

Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. Date published : 2020-09-09 https://ingenico.us/smart-terminals/telium2 https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2020-12/

Ingenico Telium 2 POS terminals have a buffer overflow via SOCKET_TASK in the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. Date published : 2020-09-09 https://ingenico.us/smart-terminals/telium2 https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2020-19/

Ingenico Telium 2 POS terminals allow arbitrary code execution via the TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. Date published : 2020-09-09 https://ingenico.us/smart-terminals/telium2 https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2020-18/

Ingenico Telium 2 POS terminals have hardcoded FTP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. Date published : 2020-09-09 https://ingenico.us/smart-terminals/telium2 https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2020-11/

Ingenico Telium 2 POS terminals have a buffer overflow via the RemotePutFile command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. Date published : 2020-09-09 https://ingenico.us/smart-terminals/telium2 https://www.ptsecurity.com/ww-en/analytics/threatscape/

Ingenico Telium 2 POS terminals have a buffer overflow via the 0x26 command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. Date published : 2020-09-09 https://ingenico.us/smart-terminals/telium2 https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2020-16/

Ingenico Telium 2 POS terminals have an insecure TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. Date published : 2020-09-09 https://ingenico.us/smart-terminals/telium2 https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2020-13/

Ingenico Telium 2 POS terminals have hardcoded PPP credentials. This is fixed in Telium 2 SDK v9.32.03 patch N. Date published : 2020-09-09 https://ingenico.us/smart-terminals/telium2 https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2020-10/

Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. Date published : 2020-09-09 https://ingenico.us/smart-terminals/telium2 https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2020-15/

Ingenico Telium 2 POS terminals have undeclared TRACE protocol commands. This is fixed in Telium 2 SDK v9.32.03 patch N. Date published : 2020-09-09 https://ingenico.us/smart-terminals/telium2 https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2020-14/