admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-11-08 20:01:27 +00:00
parent dd940a5b6d
commit fa08125407
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
5 changed files with 319 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/0xxx/CVE-2019-0205.json
View File

@ -78,6 +78,11 @@
"refsource": "MLIST",
"name": "[thrift-user] 20191107 CVE-2019-0205",
"url": "https://lists.apache.org/thread.html/1c18ec6ebfea0a9211992be952e8b33d0fda202c077979b84a5e09a8@%3Cuser.thrift.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[thrift-user] 20191108 Re: CVE-2019-0205",
"url": "https://lists.apache.org/thread.html/1193444c17f499f92cd198d464a2c1ffc92182c83487345a854914b3@%3Cuser.thrift.apache.org%3E"
}
]
},

75
2019/13xxx/CVE-2019-13531.json Normal file
View File

@ -0,0 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-13531",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Medtronic",
"product": {
"product_data": [
{
"product_name": "Valleylab FT10 Energy Platform (VLFT10GEN)",
"version": {
"version_data": [
{
"version_value": "version 2.1.0 and lower"
},
{
"version_value": "version 2.0.3 and lower"
}
]
}
},
{
"product_name": "Valleylab LS10 Energy Platform (VLLS10GEN\u2014not available in the United States)",
"version": {
"version_data": [
{
"version_value": "version 1.20.2 and lower"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsma-19-311-01",
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN\u2014not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator."
}
]
}
}

75
2019/13xxx/CVE-2019-13535.json Normal file
View File

@ -0,0 +1,75 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-13535",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Medtronic",
"product": {
"product_data": [
{
"product_name": "Valleylab FT10 Energy Platform (VLFT10GEN)",
"version": {
"version_data": [
{
"version_value": "version 2.1.0 and lower"
},
{
"version_value": "version 2.0.3 and lower"
}
]
}
},
{
"product_name": "Valleylab LS10 Energy Platform (VLLS10GEN\u2014not available in the United States)",
"version": {
"version_data": [
{
"version_value": "version 1.20.2 and lower"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "PROTECTION MECHANISM FAILURE CWE-693"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsma-19-311-01",
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN\u2014not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data."
}
]
}
}

82
2019/13xxx/CVE-2019-13539.json Normal file
View File

@ -0,0 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-13539",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Medtronic",
"product": {
"product_data": [
{
"product_name": "Valleylab Exchange Client",
"version": {
"version_data": [
{
"version_value": "version 3.4 and below"
}
]
}
},
{
"product_name": "Valleylab FT10 Energy Platform (VLFT10GEN)",
"version": {
"version_data": [
{
"version_value": "software version 4.0.0 and below"
}
]
}
},
{
"product_name": "Valleylab FX8 Energy Platform (VLFX8GEN)",
"version": {
"version_data": [
{
"version_value": "software version 1.1.0 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "REVERSIBLE ONE-WAY HASH CWE-328"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02",
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes."
}
]
}
}

82
2019/13xxx/CVE-2019-13543.json Normal file
View File

@ -0,0 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-13543",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Medtronic",
"product": {
"product_data": [
{
"product_name": "Valleylab Exchange Client",
"version": {
"version_data": [
{
"version_value": "version 3.4 and below"
}
]
}
},
{
"product_name": "Valleylab FT10 Energy Platform (VLFT10GEN)",
"version": {
"version_data": [
{
"version_value": "software version 4.0.0 and below"
}
]
}
},
{
"product_name": "Valleylab FX8 Energy Platform (VLFX8GEN)",
"version": {
"version_data": [
{
"version_value": "software version 1.1.0 and below"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CREDENTIALS CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02",
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device."
}
]
}
}