CVSS: 6.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

23 Sep 2024 — Entrust Instant Financial Issuance (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier uses a DLL library (i.e. DCG.Security.dll) with a custom AES encryption process that relies on static hard-coded key values. These keys are not uniquely generated per installation of the software. Combined with the encrypted password that can be obtained from "WebAPI.cfg.xml" in CVE-2024-39341, the decryption is trivial and can lead to privilege escalation on the Windows host. • https://gist.github.com/VAMorales/21a8700a67d80c263b38e693fd528313 • CWE-269: Improper Privilege Management

CVSS: 9.0 | EPSS: 3% | CPEs: 1 | EXPL: 1

22 Jul 2024 — Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.4 and earlier allows unauthenticated attackers to execute arbitrary code as SYSTEM via a crafted DLL payload. Insecure permissions in Entrust Datacard XPS Card Printer Driver 8.5 and earlier without the dxp1-patch-E24-004 patch allows u... • https://github.com/pamoutaf/CVE-2024-34329 • CWE-277: Insecure Inherited Permissions

CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

29 Aug 2007 — Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are obtained solel... • http://secunia.com/advisories/26630 • CWE-255: Credentials Management Errors

CVSS: 9.8 | EPSS: 8% | CPEs: 9 | EXPL: 0

31 Dec 2004 — Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload. • http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html

CVSS: 9.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

14 Jan 2004 — Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations. • http://www.kb.cert.org/vuls/id/720017

CVSS: 7.5 | EPSS: 5% | CPEs: 1 | EXPL: 0

22 Nov 2001 — Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat. • http://archives.neohapsis.com/archives/bugtraq/2001-11/0022.html

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

27 Jul 2001 — login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument. • http://archives.neohapsis.com/archives/bugtraq/2001-07/0662.html