221 matches found
CVE-2025-28354
An issue in the Printer Manager Systm of Entrust Corp Printer Manager D3.18.4-3 and below allows attackers to execute a directory traversal via a crafted POST request...
CLSA-2024-1730917387 Update of ca-certificates
update to CKBI 2.69 from NSS 3.103 - updated certificates: - Certificate "GLOBALTRUST 2020" - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Baltimore CyberTrust Root" - Certificate "Entrust Root...
CLSA-2024-1730917116 Update of ca-certificates
update to CKBI 2.70 from NSS 3.106 - updated certificates: - Certificate "GLOBALTRUST 2020" - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - Certificate "GlobalSign Root CA" - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Baltimore CyberTrust...
CLSA-2024-1730910767 Update of ca-certificates
update to CKBI 2.69 from NSS 3.103 - updated certificates: - Certificate "GLOBALTRUST 2020" - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Baltimore CyberTrust Root" - Certificate "Entrust Root...
CVE-2024-39341
Entrust Instant Financial Issuance On Premise Software formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file i.e. WebAPI.cfg.xml after the installation process. This file can be accessed without authentication on HTTP port 80 by guessin...
CVE-2024-39342
Entrust Instant Financial Issuance formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library i.e. DCG.Security.dll with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of t...
CVE-2024-39341
Entrust Instant Financial Issuance On Premise Software formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file i.e. WebAPI.cfg.xml after the installation process. This file can be accessed without authentication on HTTP port 80 by guessin...
CVE-2024-39341
Entrust Instant Financial Issuance On Premise Software formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file i.e. WebAPI.cfg.xml after the installation process. This file can be accessed without authentication on HTTP port 80 by guessin...
CVE-2024-39342
Entrust Instant Financial Issuance formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library i.e. DCG.Security.dll with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of t...
CVE-2024-39341
CVE-2024-39341 affects Entrust Instant Financial Issuance (On Premise) software (6.10.0, 6.9.x, 6.8.x and earlier). A configuration file WebAPI.cfg.xml is left behind after installation and can be accessed without authentication via HTTP port 80, exposing system configuration parameter names and ...
CVE-2024-39342
Entrust Instant Financial Issuance (Cardwizard) versions 6.8.x–6.10.0 are affected by a flaw in the DCG.Security.dll AES implementation that uses static, hard-coded keys. The vulnerability is exacerbated by an encrypted password obtainable from WebAPI.cfg.xml (see CVE-2024-39341), allowing decryp...
CVE-2024-39342
Entrust Instant Financial Issuance formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library i.e. DCG.Security.dll with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of t...
CVE-2024-34329
Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.5 and earlier without the dxp1-patch-E24-004 patch allows unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload...
CVE-2024-34329
Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.5 and earlier without the dxp1-patch-E24-004 patch allows unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload...
CVE-2024-34329
Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.5 and earlier without the dxp1-patch-E24-004 patch allows unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload...
PT-2024-25789 · Entrust Datacard · Entrust Datacard Xps Card Printer Driver
Name of the Vulnerable Software and Affected Versions: Entrust Datacard XPS Card Printer Driver versions 8.5 and earlier without the dxp1-patch-E24-004 patch Entrust Datacard XPS Card Printer Driver versions 8.4 and earlier Description: The issue is related to insecure permissions in the Entrust...
CVE-2024-34329
CVE-2024-34329 affects Entrust Datacard XPS Card Printer Driver (versions 8.5 and earlier). The root cause is insecure permissions in the driver allowed by default installation paths, enabling unauthenticated local attackers to execute arbitrary code as SYSTEM via a crafted DLL payload. Multiple ...
How to Detect Issuer Certificates and Comply with Google Chrome’s New Entrust Certificate Policy Using Qualys Certificate View
Google has announced that Chrome 127 and higher will no longer trust certain TLS certificates issued by Entrust, effective November 1, 2024. This change is significant and could potentially disrupt businesses relying on Entrust-issued certificates. Google stated that "publicly disclosed incident...
Google to Block Entrust Certificates in Chrome Starting November 2024
Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several...
Chrome to Distrust Entrust Certificates by November 2024
From Entrust to Distrust!...