CVE-2018-18984

Medtronic CareLink and Encore Programmers do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest...

CVE-2018-18984

CVE-2018-18984 affects Medtronic CareLink and Encore Programmers (9790, 2090, 29901 Encore). The vulnerability is caused by missing or insufficient encryption of sensitive data (PII/PHI) at rest. Impact, as described, is potential exposure of PHI/PII to someone with physical access to the device....

OMRON CX-One CX-Programmer CXP File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Programmer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The issue results from the lack of...

Omron CX-Programmer Detection (Windows SMB Login)

SMB login-based detection of Omron CX-Programmer. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Omron CX-One Memory Misreference Vulnerability

Omron CX-One is an integrated toolkit from Omron, which includes software for networking, PT, inverters, temperature controllers, and PLC programming, etc. CX-Programmer is a PLC programming software, and CX-Server is a driver management tool. A memory misreference vulnerability exists in Omron...

Code injection

In CX-One Versions 4.42 and prior CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior, when processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code unde...

CVE-2018-18993

Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior. When processing project files, the application allows input data to exceed the buffer. An attacker could use a...

CVE-2018-18993

Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior. When processing project files, the application allows input data to exceed the buffer. An attacker could use a...

CVE-2018-18993

Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior. When processing project files, the application allows input data to exceed the buffer. An attacker could use a...

CVE-2018-18993

CVE-2018-18993 relates to two stack-based buffer overflow vulnerabilities in Omron CX-One (CX-Position module) affecting CX-One v4.42 and earlier, including CX-Programmer v9.66 and earlier and CX-Server v5.0.23 and earlier. The flaws occur when processing project files, allowing input data to exc...

Design/Logic Flaw

In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD...

CVE-2018-5877

In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD...

CVE-2018-11996

CVE-2018-11996 describes an out-of-bounds access in the Qualcomm device programmer when a malformed command is sent, affecting Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear platforms (versions including MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, ...

Accused CIA Leaker Faces New Charges of Leaking Information From Prison

Joshua Adam Schulte , a 30-year-old former CIA computer programmer who was indicted over four months ago for masterminding the largest leak of classified information in the agency's history, has now been issued three new charges. The news comes just hours after Schulte wrote a letter to the feder...

BIOS Modules Unprotected by Intel Boot Guard Vulnerable to Physical Attack - Lenovo Support US

No description provided...

Identifying Programmers by their Coding Style

Fascinating research de-anonymizing code -- from either source code or compiled code: Rachel Greenstadt, an associate professor of computer science at Drexel University, and Aylin Caliskan, Greenstadt's former PhD student and now an assistant professor at George Washington University, have found...

Intel Quartus Prime Programmer and Tools Elevation of Privilege Vulnerability

Intel Quartus Prime Programmer and Tools is a hardware programming tool from Intel USA. A security vulnerability exists in Intel Quartus Prime Programmer and Tools versions 15.1 through 18.0. A local attacker can exploit the vulnerability to execute arbitrary code...

Intel Quartus II Programmer and Tools Elevation of Privilege Vulnerability

Intel Quartus II Programmer and Tools is a set of tools for hardware programming from Intel USA. A security vulnerability exists in Intel Quartus II Programmer and Tools versions 11.0 through 15.0. A local attacker can exploit the vulnerability to execute arbitrary code...

CVE-2018-10631

The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection...

Design/Logic Flaw

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870...