57 matches found

RedhatCVE
added 2025/07/30 1:37 p.m. · 5 views

CVE-2025-26469

An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a configuration-related registry key. An attacker can execute a malicious script or...

9.8 CVSS · 6.2 AI score · 0.00535 EPSS
Exploits: 1 · References: 1
CNVD
added 2025/07/30 12:00 a.m. · 2 views

MedDream PACS Premium Security Bypass Vulnerability

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. A security bypass vulnerability exists in MedDream PACS Premium that stems from improper default permissions in the CServerSettings::SetRegistryValues function, which can be exploited by an...

9.8 CVSS · 5.9 AI score · 0.00535 EPSS
Exploits: 1 · References: 1
NVD
added 2025/07/28 2:15 p.m. · 5 views

CVE-2025-26469

An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a configuration-related registry key. An attacker can execute a malicious script or...

9.8 CVSS · 0.00535 EPSS
Exploits: 1 · References: 2
OSV
added 2025/07/28 2:15 p.m. · 3 views

CVE-2025-26469

An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a configuration-related registry key. An attacker can execute a malicious script or...

9.8 CVSS · 5.8 AI score · 0.00535 EPSS
Exploits: 1 · References: 2
Cvelist
added 2025/07/28 1:36 p.m. · 6 views

CVE-2025-26469

An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a configuration-related registry key. An attacker can execute a malicious script or...

9.3 CVSS · 0.00535 EPSS
Exploits: 1 · References: 1
CVE
added 2025/07/28 1:36 p.m. · 24 views

CVE-2025-26469

CVE-2025-26469 affects MedDream PACS Premium 7.3.3.840. Cisco Talos reports an incorrect default permissions issue in CServerSettings::SetRegistryValues. This misconfiguration allows anyone with login access to read registry-stored credentials and decrypt them using RC4 with a hardcoded key, givi...

9.8 CVSS · 6.2 AI score · 0.00535 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2025/07/28 12:00 a.m. · 5 views

PT-2025-31101 · Unknown · Meddream Pacs Premium

Name of the Vulnerable Software and Affected Versions: MedDream PACS Premium version 7.3.3.840 Description: An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality. A specially crafted application can decrypt credentials stored in a...

9.3 CVSS · 6.1 AI score · 0.00535 EPSS
Exploits: 1 · References: 4
CNNVD
added 2025/07/28 12:00 a.m. · 3 views

MedDream PACS Premium Security Vulnerability

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. A security bypass vulnerability exists in MedDream PACS Premium that stems from improper default permissions in the CServerSettings::SetRegistryValues function, which can be exploited by an...

9.8 CVSS · 7.3 AI score · 0.00535 EPSS
Exploits: 1 · References: 2
Exploit DB
added 2025/06/26 12:00 a.m. · 365 views

McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information

Exploit Title: McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information Date: 24 June 2025 Exploit Author: Keenan Scott Vendor Homepage: hxxps://www.mcafee.com/ Software Download: N/A Unable to find Version: Arguments CmdletBinding param string$DbSource =...

6.1 CVSS · 7.4 AI score · 0.00622 EPSS
Exploits: 2
NVD
added 2025/06/10 3:15 p.m. · 7 views

CVE-2025-5353

A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials...

8.8 CVSS · 0.00352 EPSS
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 1:25 a.m. · 9 views

CVE-2022-25807

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key...

5.5 CVSS · 6.9 AI score · 0.00295 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/22 7:57 p.m. · 10 views

CVE-2021-36234

Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors...

5.5 CVSS · 6.7 AI score · 0.00319 EPSS
Exploits: 0 · References: 1
OSV
added 2025/03/14 3:15 p.m. · 2 views

CVE-2024-45643

IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information...

7.5 CVSS · 5.8 AI score · 0.00202 EPSS
Exploits: 0 · References: 1
ATTACKERKB
added 2025/03/14 3:15 p.m. · 2 views

CVE-2024-45643

IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information...

7.5 CVSS · 7.3 AI score · 0.00202 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2025/03/13 5:15 p.m. · 3 views

CVE-2025-2263

During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or...

9.8 CVSS · 7.7 AI score · 0.00851 EPSS
Exploits: 2 · References: 1
NVD
added 2024/12/16 7:15 a.m. · 11 views

CVE-2024-9679

A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials...

5.3 CVSS · 0.00361 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2024/12/16 6:52 a.m. · 12 views

CVE-2024-9679

A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials...

5.3 CVSS · 6.9 AI score · 0.00361 EPSS
Exploits: 0 · References: 1
CNNVD
added 2024/12/16 12:00 a.m. · 2 views

Trellix Data Loss Prevention Security Vulnerability

Trellix Data Loss Prevention (Trellix DLP) is a data loss prevention solution from the American company FireEye Trellix. It provides a comprehensive scan of inbound and outbound network traffic for all ports, protocols, etc. A security vulnerability exists in Trellix Data Loss Prevention (Trellix DLP) version...

5.3 CVSS · 6.7 AI score · 0.00361 EPSS
Exploits: 0 · References: 1
Prion
added 2023/09/19 1:16 p.m. · 13 views

Spoofing

UNSUPPORTED WHEN ASSIGNED Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions...

3.2 CVSS · 6.3 AI score · 0.00115 EPSS
Exploits: 0 · References: 1 · Affected Software: 2
CVE
added 2023/09/19 12:54 p.m. · 52 views

CVE-2022-47557

CVE-2022-47557 affects Ormazabal ekorCCP and ekorRCI. A vulnerability could allow an attacker with local network access to decrypt privileged-user credentials and subsequently gain access to the system to perform malicious actions. The provided sources describe the impact (credential decryption a...

6.1 CVSS · 6.3 AI score · 0.00115 EPSS
Exploits: 0 · References: 1 · Affected Software: 1