Vendor CVEs
Sante
All CVEs
62 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-25113 | Hig | 0.65 | — | 0.01 | Jul 23, 2025 | An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the… | ||
| CVE-2020-37120 | Cri | 0.64 | 9.8 | 0.00 | Feb 5, 2026 | Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious text file with carefully constructed payload to execute arbitrary code by… | ||
| CVE-2020-37009 | Hig | 0.57 | 8.8 | 0.01 | Jan 29, 2026 | MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system… | ||
| CVE-2025-5943 | Hig | 0.57 | 8.8 | 0.01 | Jun 10, 2025 | MicroDicom DICOM Viewer suffers from an out-of-bounds write vulnerability. Remote attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit the vulnerability in that the… | ||
| CVE-2025-2265 | Hig | 0.51 | 7.8 | 0.00 | Mar 13, 2025 | The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte | ||
| CVE-2025-14501 | Hig | 0.49 | 7.5 | 0.01 | Dec 23, 2025 | Sante PACS Server HTTP Content-Length Header Handling NULL Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to… | ||
| CVE-2025-2284 | Hig | 0.49 | 7.5 | 0.06 | Mar 13, 2025 | A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe". | ||
| CVE-2025-2264 | 0.08 | — | 0.39 | Mar 13, 2025 | A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed. | |||
| CVE-2022-2272 | 0.02 | — | 0.02 | Aug 3, 2022 | This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the… | |||
| CVE-2026-2034 | 0.00 | — | 0.00 | Feb 20, 2026 | Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in… | |||
| CVE-2025-54759 | 0.00 | — | 0.00 | Aug 18, 2025 | Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie. | |||
| CVE-2025-54862 | 0.00 | — | 0.00 | Aug 18, 2025 | Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie. | |||
| CVE-2025-54156 | 0.00 | — | 0.00 | Aug 18, 2025 | The Sante PACS Server Web Portal sends credential information without encryption. | |||
| CVE-2025-53948 | 0.00 | — | 0.01 | Aug 18, 2025 | The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required. | |||
| CVE-2025-5481 | 0.00 | — | 0.00 | Jun 6, 2025 | Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability… | |||
| CVE-2025-5307 | 0.00 | — | 0.00 | May 29, 2025 | Santesoft Sante DICOM Viewer Pro contains a memory corruption vulnerability. A local attacker could exploit this issue to potentially disclose information and to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. | |||
| CVE-2025-3481 | 0.00 | — | 0.01 | May 22, 2025 | MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this… | |||
| CVE-2025-3482 | 0.00 | — | 0.01 | May 22, 2025 | MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this… | |||
| CVE-2025-3483 | 0.00 | — | 0.01 | May 22, 2025 | MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this… | |||
| CVE-2025-3484 | 0.00 | — | 0.01 | May 22, 2025 | MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this… | |||
| CVE-2025-2480 | 0.00 | — | 0.00 | Mar 20, 2025 | Santesoft Sante DICOM Viewer Pro is vulnerable to an out-of-bounds write, which requires a user to open a malicious DCM file, resulting in execution of arbitrary code by a local attacker. | |||
| CVE-2025-2263 | 0.00 | — | 0.01 | Mar 13, 2025 | During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long… | |||
| CVE-2025-1002 | 0.00 | — | 0.00 | Feb 10, 2025 | MicroDicom DICOM Viewer version 2024.03 fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the… | |||
| CVE-2025-0574 | 0.00 | — | 0.01 | Jan 30, 2025 | Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The… | |||
| CVE-2025-0572 | 0.00 | — | 0.02 | Jan 30, 2025 | Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability. … | |||
| CVE-2025-0573 | 0.00 | — | 0.02 | Jan 30, 2025 | Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The… | |||
| CVE-2025-0569 | 0.00 | — | 0.01 | Jan 30, 2025 | Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. … | |||
| CVE-2025-0571 | 0.00 | — | 0.01 | Jan 30, 2025 | Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is required to exploit this… | |||
| CVE-2025-0570 | 0.00 | — | 0.01 | Jan 30, 2025 | Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is required to exploit this… | |||
| CVE-2025-0568 | 0.00 | — | 0.01 | Jan 30, 2025 | Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. … | |||
| CVE-2024-33606 | 0.00 | — | 0.00 | Jun 11, 2024 | An attacker could retrieve sensitive files (medical images) as well as plant new medical images or overwrite existing medical images on a MicroDicom DICOM Viewer system. User interaction is required to exploit this vulnerability. | |||
| CVE-2024-28877 | 0.00 | — | 0.01 | Jun 11, 2024 | MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit this vulnerability. | |||
| CVE-2023-51637 | 0.00 | — | 0.01 | May 22, 2024 | Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vulnerability. The… | |||
| CVE-2023-35734 | 0.00 | — | 0.01 | May 3, 2024 | Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this… | |||
| CVE-2023-34297 | 0.00 | — | 0.01 | May 3, 2024 | Sante DICOM Viewer Pro JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability… | |||
| CVE-2023-34296 | 0.00 | — | 0.01 | May 3, 2024 | Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability… | |||
| CVE-2023-34295 | 0.00 | — | 0.01 | May 3, 2024 | Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability… | |||
| CVE-2023-34294 | 0.00 | — | 0.01 | May 3, 2024 | Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this… | |||
| CVE-2023-32135 | 0.00 | — | 0.01 | May 3, 2024 | Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this… | |||
| CVE-2023-32134 | 0.00 | — | 0.01 | May 3, 2024 | Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in… | |||
| CVE-2023-32133 | 0.00 | — | 0.01 | May 3, 2024 | Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability… | |||
| CVE-2023-32132 | 0.00 | — | 0.01 | May 3, 2024 | Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability… | |||
| CVE-2023-32131 | 0.00 | — | 0.01 | May 3, 2024 | Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability… | |||
| CVE-2024-1863 | 0.00 | — | 0.01 | Apr 1, 2024 | Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific… | |||
| CVE-2024-1696 | 0.00 | — | 0.00 | Mar 11, 2024 | In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution. | |||
| CVE-2024-1453 | 0.00 | — | 0.00 | Mar 1, 2024 | In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code. | |||
| CVE-2024-25578 | 0.00 | — | 0.00 | Mar 1, 2024 | MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior contain a lack of proper validation of user-supplied data, which could result in memory corruption within the application. | |||
| CVE-2024-22100 | 0.00 | — | 0.00 | Mar 1, 2024 | MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior are affected by a heap-based buffer overflow vulnerability, which could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. A user must open a malicious DCM file in order to… | |||
| CVE-2023-35986 | 0.00 | — | 0.00 | Oct 19, 2023 | Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | |||
| CVE-2023-39431 | 0.00 | — | 0.00 | Oct 19, 2023 | Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. |
- risk 0.65cvss —epss 0.01
An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying system by sending a crafted request to the /exportFile endpoint using the…
- risk 0.64cvss 9.8epss 0.00
Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicious text file with carefully constructed payload to execute arbitrary code by…
- risk 0.57cvss 8.8epss 0.01
MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating and uploading a PHP shell to execute arbitrary system…
- risk 0.57cvss 8.8epss 0.01
MicroDicom DICOM Viewer suffers from an out-of-bounds write vulnerability. Remote attackers are able to exploit this issue to potentially execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit the vulnerability in that the…
- risk 0.51cvss 7.8epss 0.00
The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte
- risk 0.49cvss 7.5epss 0.01
Sante PACS Server HTTP Content-Length Header Handling NULL Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to…
- risk 0.49cvss 7.5epss 0.06
A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe".
- CVE-2025-2264Mar 13, 2025risk 0.08cvss —epss 0.39
A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed.
- CVE-2022-2272Aug 3, 2022risk 0.02cvss —epss 0.02
This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the…
- CVE-2026-2034Feb 20, 2026risk 0.00cvss —epss 0.00
Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in…
- CVE-2025-54759Aug 18, 2025risk 0.00cvss —epss 0.00
Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.
- CVE-2025-54862Aug 18, 2025risk 0.00cvss —epss 0.00
Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.
- CVE-2025-54156Aug 18, 2025risk 0.00cvss —epss 0.00
The Sante PACS Server Web Portal sends credential information without encryption.
- CVE-2025-53948Aug 18, 2025risk 0.00cvss —epss 0.01
The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required.
- CVE-2025-5481Jun 6, 2025risk 0.00cvss —epss 0.00
Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability…
- CVE-2025-5307May 29, 2025risk 0.00cvss —epss 0.00
Santesoft Sante DICOM Viewer Pro contains a memory corruption vulnerability. A local attacker could exploit this issue to potentially disclose information and to execute arbitrary code on affected installations of Sante DICOM Viewer Pro.
- CVE-2025-3481May 22, 2025risk 0.00cvss —epss 0.01
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this…
- CVE-2025-3482May 22, 2025risk 0.00cvss —epss 0.01
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this…
- CVE-2025-3483May 22, 2025risk 0.00cvss —epss 0.01
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this…
- CVE-2025-3484May 22, 2025risk 0.00cvss —epss 0.01
MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this…
- CVE-2025-2480Mar 20, 2025risk 0.00cvss —epss 0.00
Santesoft Sante DICOM Viewer Pro is vulnerable to an out-of-bounds write, which requires a user to open a malicious DCM file, resulting in execution of arbitrary code by a local attacker.
- CVE-2025-2263Mar 13, 2025risk 0.00cvss —epss 0.01
During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long…
- CVE-2025-1002Feb 10, 2025risk 0.00cvss —epss 0.00
MicroDicom DICOM Viewer version 2024.03 fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle (MITM) attack. This allows the…
- CVE-2025-0574Jan 30, 2025risk 0.00cvss —epss 0.01
Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The…
- CVE-2025-0572Jan 30, 2025risk 0.00cvss —epss 0.02
Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability. …
- CVE-2025-0573Jan 30, 2025risk 0.00cvss —epss 0.02
Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The…
- CVE-2025-0569Jan 30, 2025risk 0.00cvss —epss 0.01
Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. …
- CVE-2025-0571Jan 30, 2025risk 0.00cvss —epss 0.01
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is required to exploit this…
- CVE-2025-0570Jan 30, 2025risk 0.00cvss —epss 0.01
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is required to exploit this…
- CVE-2025-0568Jan 30, 2025risk 0.00cvss —epss 0.01
Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. …
- CVE-2024-33606Jun 11, 2024risk 0.00cvss —epss 0.00
An attacker could retrieve sensitive files (medical images) as well as plant new medical images or overwrite existing medical images on a MicroDicom DICOM Viewer system. User interaction is required to exploit this vulnerability.
- CVE-2024-28877Jun 11, 2024risk 0.00cvss —epss 0.01
MicroDicom DICOM Viewer is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. User interaction is required to exploit this vulnerability.
- CVE-2023-51637May 22, 2024risk 0.00cvss —epss 0.01
Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vulnerability. The…
- CVE-2023-35734May 3, 2024risk 0.00cvss —epss 0.01
Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this…
- CVE-2023-34297May 3, 2024risk 0.00cvss —epss 0.01
Sante DICOM Viewer Pro JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability…
- CVE-2023-34296May 3, 2024risk 0.00cvss —epss 0.01
Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability…
- CVE-2023-34295May 3, 2024risk 0.00cvss —epss 0.01
Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability…
- CVE-2023-34294May 3, 2024risk 0.00cvss —epss 0.01
Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this…
- CVE-2023-32135May 3, 2024risk 0.00cvss —epss 0.01
Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this…
- CVE-2023-32134May 3, 2024risk 0.00cvss —epss 0.01
Sante DICOM Viewer Pro DCM File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in…
- CVE-2023-32133May 3, 2024risk 0.00cvss —epss 0.01
Sante DICOM Viewer Pro J2K File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability…
- CVE-2023-32132May 3, 2024risk 0.00cvss —epss 0.01
Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability…
- CVE-2023-32131May 3, 2024risk 0.00cvss —epss 0.01
Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability…
- CVE-2024-1863Apr 1, 2024risk 0.00cvss —epss 0.01
Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific…
- CVE-2024-1696Mar 11, 2024risk 0.00cvss —epss 0.00
In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution.
- CVE-2024-1453Mar 1, 2024risk 0.00cvss —epss 0.00
In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code.
- CVE-2024-25578Mar 1, 2024risk 0.00cvss —epss 0.00
MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior contain a lack of proper validation of user-supplied data, which could result in memory corruption within the application.
- CVE-2024-22100Mar 1, 2024risk 0.00cvss —epss 0.00
MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior are affected by a heap-based buffer overflow vulnerability, which could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. A user must open a malicious DCM file in order to…
- CVE-2023-35986Oct 19, 2023risk 0.00cvss —epss 0.00
Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
- CVE-2023-39431Oct 19, 2023risk 0.00cvss —epss 0.00
Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
Page 1 of 2