CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0568 – Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-0568
20 Jan 2025 — Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. • https://www.zerodayinitiative.com/advisories/ZDI-25-049 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0569 – Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-0569
20 Jan 2025 — Sante PACS Server DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. • https://www.zerodayinitiative.com/advisories/ZDI-25-052 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0570 – Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-0570
20 Jan 2025 — Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. • https://www.zerodayinitiative.com/advisories/ZDI-25-050 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0571 – Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-0571
20 Jan 2025 — Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. • https://www.zerodayinitiative.com/advisories/ZDI-25-051 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0572 – Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-0572
20 Jan 2025 — Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.zerodayinitiative.com/advisories/ZDI-25-054 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0573 – Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-0573
20 Jan 2025 — Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.zerodayinitiative.com/advisories/ZDI-25-053 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0574 – Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-0574
20 Jan 2025 — Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of URLs in the web server module. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. • https://www.zerodayinitiative.com/advisories/ZDI-25-055 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51637 – Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-51637
17 May 2024 — Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the DICOM service, which listens on TCP port 11122 by default. When parsing the NAME element of the PATIENT record, the process does not properly validate a user-supplied string before using... • https://www.zerodayinitiative.com/advisories/ZDI-24-468 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1863 – Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-1863
23 Feb 2024 — Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HTTP requests on port 3000. When parsing the token parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. • https://www.zerodayinitiative.com/advisories/ZDI-24-193 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •