CVE-2018-3688

Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code...

Code injection

Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code...

CVE-2018-3687

Intel reports a Privilege Escalation/Vulnerability in the Intel Quartus family due to unquoted service paths. Affected: Quartus II v11.0–15.0; Quartus Prime v15.1–18.0; Intel Quartus II Programmer and Tools v11.0–15.0; Programmer and Tools v15.1–18.0. Root cause: unquoted service paths in the JTA...

CVE-2018-3688

CVE-2018-3688 refers to an unquoted service path vulnerability in Intel Quartus Prime Programmer and Tools, affecting Quartus Prime Programmer and Tools v15.1–18.0. The underlying issue enables a local attacker to potentially execute arbitrary code with elevated privileges by abusing the service ...

Medtronic 2090 CareLink Programmer Design Vulnerability

The Medtronic 2090 CareLink Programmer is a suite of portable computer products from Medtronic, Inc. The product is used to manage and program cardiac devices in the medical industry. A security vulnerability exists in all versions of the Medtronic 2090 CareLink Programmer in the affected product...

Code injection

Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the...

CVE-2018-10596

CVE-2018-10596 affects the Medtronic 2090 CareLink Programmer (and 29901 Encore Programmer) where software downloads updates over a VPN-protected network via HTTP without verifying VPN persistence or update source. The root issue is improper restriction of communication channels to intended endpo...

Node.js third-party modules: Privilage escalation with malicious .npmrc

Hello. I'm forwarding to you my conversation with npm staff regarding security issue. It allows to escalate to root privilages of victim using either: a basic social engineering - convincing victim to run npm in attacker-controlled folder eg. repository, including such innocent ones like "npm hel...

Medtronic N'Vision Clinician Programmer Information Disclosure Vulnerability

The Medtronic N'Vision Clinician Programmer is a small, portable device that provides a single programming platform for Medtronic's nerve graft therapy devices. An information disclosure vulnerability exists in Medtronic N'Vision Clinician Programmer, which can be exploited by attackers to obtain...

Design/Logic Flaw

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions does not encrypt PII and PHI while at rest...

CVE-2018-8849

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest...

CVE-2018-8849

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest...

CVE-2018-8849

CVE-2018-8849 affects Medtronic N’Vision Clinician Programmer 8840 (all versions) and 8870 removable Application Card (all versions). root cause: missing encryption of PII/PHI at rest, enabling potential exposure of sensitive patient data if physical access is gained. ICS-CERT Update A confirms v...

CVE-2018-8849 Medtronic N'Vision Clinician Programmer Missing Encryption of Sensitive Data

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest...

Medtronic N'Vision Clinician Programmer (Update A)

1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 5 -------- CVSS v3 6.3 --------- End Update A Part 1 of 5 ----------- ATTENTION: Low skill level to exploit Vendor: Medtronic Equipment: N’Vision Clinician Programmer --------- Begin Update A Part 2 of 5 ----------- Vulnerabilities:...

CVE-2018-5446

Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format...

CVE-2018-5448

Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system...

Design/Logic Flaw

All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product credentials to the software deployment network...

CVE-2018-5446 Medtronic 2090 Carelink Programmer Storing Passwords in a Recoverable Format

Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format...

CVE-2018-5448

CVE-2018-5448 affects Medtronic 2090 CareLink Programmer and 29901 Encore Programmer via the CareLink SDN. The vulnerability is a relative path traversal in the software deployment network that could allow an attacker to read files on the system. ICS-CERT advisory Update C/Update B describes this...