25 matches found
Shape and Substance: Dual-Layer Side-Channel Attacks on Local Vision-Language Models
On-device Vision-Language Models (VLMs) promise data privacy via local execution. However, we show that the architectural shift toward Dynamic High-Resolution preprocessing (e.g., AnyRes) introduces an inherent algorithmic side-channel. Unlike static models, dynamic preprocessing decomposes images in...
EUVD-2024-34475
Malicious code in bioql PyPI...
Changing Clinic Image System SQL Injection Vulnerability
Changing Clinic Image System is a computer system for managing and displaying medical images from Changing Taiwan, China. The Changing Clinic Image System suffers from a SQL injection vulnerability that stems from susceptibility to SQL injection attacks, which could lead to an unauthenticated...
MedDream PACS Premium setup incorrect default permissions vulnerability
Talos Vulnerability Report TALOS-2025-2154 MedDream PACS Premium setup incorrect default permissions vulnerability July 28, 2025 CVE Number CVE-2025-26469 SUMMARY An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium...
Privacy-Preserving AI for Encrypted Medical Imaging: a Framework for Secure Diagnosis and Learning
The rapid integration of Artificial Intelligence (AI) into medical diagnostics has raised pressing concerns about patient privacy, especially when sensitive imaging data must be transferred, stored, or processed. In this paper, we propose a novel framework for privacy-preserving diagnostic inferenc...
The vulnerability of the web interface of the “Central Archive of Medical Images” information system, due to deficiencies in encryption mechanisms, allows attackers to compromise the confidentiality and accessibility of the protected information.
The vulnerability of the web interface of the “Central Archive of Medical Images” information system is related to deficiencies in encryption mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the confidentiality and accessibility of the protected...
The vulnerability of the web interface of the “Central Archive of Medical Images” information system, which stems from the lack of protective measures for the website structure, allows attackers to gain unauthorized access to the protected information.
The vulnerability of the web interface of the “Central Archive of Medical Images” information system is related to the lack of protective measures for the website structure. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the protected...
Santesoft Sante PACS Server Security Vulnerability
Santesoft Sante PACS Server is a DICOM 3.0 compliant PACS server, Modality Worklist server, HTTP Web server for DICOM files, and CD/DVD burning and printing server from Santesoft Cyprus. Used to store, archive, manage, view and burn medical images. A security vulnerability exists in Santesoft San...
Debian dla-4038 : dcmtk - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4038 advisory. Debian LTS Advisory DLA-4038-2 https://www.debian.org/lts/security/...
Santesoft Sante PACS Server Path Traversal Vulnerability
Santesoft Sante PACS Server is a DICOM 3.0 compliant PACS server, Modality Worklist server, HTTP Web server for DICOM files, and CD/DVD burning and printing server from Santesoft Cyprus. Used to store, archive, manage, view and burn medical images. A path traversal vulnerability exists in Santeso...
OFFIS DCMTK Security Vulnerability
OFFIS DCMTK is a collection of libraries and applications that implement most of the DICOM standards from OFFIS Germany. Software for inspecting, building and converting DICOM image files, processing offline media, sending and receiving images over a network connection, as well as a demo image...
MGASA-2024-0251 Updated dcmtk packages fix security vulnerabilities
Multiple vulnerabilities have been fixed in DCMTK, a collection of libraries and applications implementing large parts of the DICOM standard for medical images. CVE-2024-28130 Segmentation faults due to incorrect typecast CVE-2024-34508 Segmentation fault via invalid DIMSE message CVE-2024-34509...
CVE-2024-33606
An attacker could retrieve sensitive files (medical images) as well as plant new medical images or overwrite existing medical images on a MicroDicom DICOM Viewer system. User interaction is required to exploit this vulnerability...
CVE-2024-33606 MicroDicom DICOM Viewer Improper Authorization in Handler for Custom URL Scheme
An attacker could retrieve sensitive files (medical images) as well as plant new medical images or overwrite existing medical images on a MicroDicom DICOM Viewer system. User interaction is required to exploit this vulnerability...
CVE-2024-33606
CVE-2024-33606 affects MicroDicom DICOM Viewer prior to version 2024.2. The issue is Improper Authorization in the Handler for the Custom URL Scheme, enabling an attacker to retrieve sensitive medical images and to plant or overwrite images on the victim’s system. Exploitation requires user inter...
MicroDicom DICOM Viewer Security Vulnerability
MicroDicom DICOM Viewer is a lightweight and easy-to-use application from MicroDicom Inc. for processing and viewing medical images in DICOM format. A security vulnerability exists in versions of MicroDicom DICOM Viewer prior to 2024.2, which stems from the ability of an attacker to retrieve...
PT-2024-25372 · Unknown · Microdicom Dicom Viewer
Name of the Vulnerable Software and Affected Versions: MicroDicom DICOM Viewer (affected versions not specified). Description: The issue allows an attacker to retrieve sensitive files, such as medical images, and also enables them to add new medical images or overwrite existing ones on the system...
OESA-2022-1670 ImageMagick security update
Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...