Vendor CVEs
Entrust
All CVEs
26 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-34414 | Cri | 0.61 | — | 0.01 | Dec 9, 2025 | Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the Legacy Remoting Service that is enabled by default. The service registers a TCP… | ||
| CVE-2026-23746 | Cri | 0.60 | — | 0.01 | Jan 15, 2026 | Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service (DCG.SmartCardControllerService.exe). The service… | ||
| CVE-2024-34329 | Hig | 0.55 | 8.4 | 0.01 | Jul 22, 2024 | Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.5 and earlier without the dxp1-patch-E24-004 patch allows unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload. | ||
| CVE-2024-39342 | Med | 0.43 | 6.6 | 0.00 | Sep 23, 2024 | Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library (i.e. DCG.Security.dll) with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated… | ||
| CVE-2025-28354 | Med | 0.42 | 6.5 | 0.01 | Apr 25, 2025 | An issue in the Printer Manager Systm of Entrust Corp Printer Manager D3.18.4-3 and below allows attackers to execute a directory traversal via a crafted POST request. | ||
| CVE-2018-13252 | Med | 0.40 | 6.1 | 0.01 | Jul 5, 2018 | Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page. | ||
| CVE-2024-39341 | Med | 0.38 | 5.9 | 0.00 | Sep 23, 2024 | Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file (i.e. WebAPI.cfg.xml) after the installation process. This file can be accessed without authentication on… | ||
| CVE-2025-59701 | 0.00 | — | 0.00 | Dec 2, 2025 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker (with elevated privileges) to read and modify the Appliance SSD contents (because they are unencrypted). | |||
| CVE-2025-59693 | 0.00 | — | 0.01 | Dec 2, 2025 | The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving… | |||
| CVE-2025-59705 | 0.00 | — | 0.00 | Dec 2, 2025 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to Escalate Privileges by enabling the USB interface through chassis probe insertion during system boot, aka "Unauthorized Reactivation of the USB interface"… | |||
| CVE-2025-59698 | 0.00 | — | 0.00 | Dec 2, 2025 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate attacker to gain access to the EOL legacy bootloader. | |||
| CVE-2025-59703 | 0.00 | — | 0.00 | Dec 2, 2025 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all… | |||
| CVE-2025-59695 | 0.00 | — | 0.01 | Dec 2, 2025 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04. | |||
| CVE-2025-59704 | 0.00 | — | 0.00 | Dec 2, 2025 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow an attacker to gain access the the BIOS menu because is has no password. | |||
| CVE-2025-59696 | 0.00 | — | 0.00 | Dec 2, 2025 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper events via the Chassis management board. | |||
| CVE-2025-59702 | 0.00 | — | 0.00 | Dec 2, 2025 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to falsify tamper events by accessing internal components. | |||
| CVE-2025-59697 | 0.00 | — | 0.00 | Dec 2, 2025 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is called F06. | |||
| CVE-2025-59700 | 0.00 | — | 0.00 | Dec 2, 2025 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with root access to modify the Recovery Partition (because of a lack of integrity protection). | |||
| CVE-2025-59694 | 0.00 | — | 0.00 | Dec 2, 2025 | The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the (insecurely configured) appliance boot process. To exploit this, the… | |||
| CVE-2025-59699 | 0.00 | — | 0.00 | Dec 2, 2025 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB… | |||
| CVE-2020-10659 | 0.00 | — | 0.00 | Mar 18, 2020 | Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where (for example) a user continues to interact with a web site that has an invalid certificate chain. | |||
| CVE-2007-4594 | 0.00 | — | 0.01 | Aug 29, 2007 | Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses… | |||
| CVE-2004-0369 | 0.00 | — | 0.04 | Dec 31, 2004 | Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload. | |||
| CVE-2002-0712 | 0.00 | — | 0.05 | Feb 3, 2004 | Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations. | |||
| CVE-2001-0853 | 0.00 | — | 0.04 | Dec 6, 2001 | Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat. | |||
| CVE-2001-1024 | 0.00 | — | 0.02 | Jul 27, 2001 | login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument. |
- risk 0.61cvss —epss 0.01
Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the Legacy Remoting Service that is enabled by default. The service registers a TCP…
- risk 0.60cvss —epss 0.01
Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service (DCG.SmartCardControllerService.exe). The service…
- risk 0.55cvss 8.4epss 0.01
Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.5 and earlier without the dxp1-patch-E24-004 patch allows unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload.
- risk 0.43cvss 6.6epss 0.00
Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library (i.e. DCG.Security.dll) with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated…
- risk 0.42cvss 6.5epss 0.01
An issue in the Printer Manager Systm of Entrust Corp Printer Manager D3.18.4-3 and below allows attackers to execute a directory traversal via a crafted POST request.
- risk 0.40cvss 6.1epss 0.01
Entrust Datacard Syntera CS 5.x has XSS via the name field of "Domain or Computer Name" in the login page.
- risk 0.38cvss 5.9epss 0.00
Entrust Instant Financial Issuance (On Premise) Software (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file (i.e. WebAPI.cfg.xml) after the installation process. This file can be accessed without authentication on…
- CVE-2025-59701Dec 2, 2025risk 0.00cvss —epss 0.00
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker (with elevated privileges) to read and modify the Appliance SSD contents (because they are unencrypted).
- CVE-2025-59693Dec 2, 2025risk 0.00cvss —epss 0.01
The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving…
- CVE-2025-59705Dec 2, 2025risk 0.00cvss —epss 0.00
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to Escalate Privileges by enabling the USB interface through chassis probe insertion during system boot, aka "Unauthorized Reactivation of the USB interface"…
- CVE-2025-59698Dec 2, 2025risk 0.00cvss —epss 0.00
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate attacker to gain access to the EOL legacy bootloader.
- CVE-2025-59703Dec 2, 2025risk 0.00cvss —epss 0.00
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all…
- CVE-2025-59695Dec 2, 2025risk 0.00cvss —epss 0.01
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04.
- CVE-2025-59704Dec 2, 2025risk 0.00cvss —epss 0.00
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow an attacker to gain access the the BIOS menu because is has no password.
- CVE-2025-59696Dec 2, 2025risk 0.00cvss —epss 0.00
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper events via the Chassis management board.
- CVE-2025-59702Dec 2, 2025risk 0.00cvss —epss 0.00
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to falsify tamper events by accessing internal components.
- CVE-2025-59697Dec 2, 2025risk 0.00cvss —epss 0.00
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is called F06.
- CVE-2025-59700Dec 2, 2025risk 0.00cvss —epss 0.00
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with root access to modify the Recovery Partition (because of a lack of integrity protection).
- CVE-2025-59694Dec 2, 2025risk 0.00cvss —epss 0.00
The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the (insecurely configured) appliance boot process. To exploit this, the…
- CVE-2025-59699Dec 2, 2025risk 0.00cvss —epss 0.00
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB…
- CVE-2020-10659Mar 18, 2020risk 0.00cvss —epss 0.00
Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL Certificate Validation, leading to situations where (for example) a user continues to interact with a web site that has an invalid certificate chain.
- CVE-2007-4594Aug 29, 2007risk 0.00cvss —epss 0.01
Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses…
- CVE-2004-0369Dec 31, 2004risk 0.00cvss —epss 0.04
Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload.
- CVE-2002-0712Feb 3, 2004risk 0.00cvss —epss 0.05
Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations.
- CVE-2001-0853Dec 6, 2001risk 0.00cvss —epss 0.04
Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat.
- CVE-2001-1024Jul 27, 2001risk 0.00cvss —epss 0.02
login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument.