
CVE-2025-2284 – Santesoft Sante PACS Server Access of Uninitialized Pointer DoS
https://notcve.org/view.php?id=CVE-2025-2284
13 Mar 2025 — A denial-of-service vulnerability exists in the "GetWebLoginCredentials" function in "Sante PACS Server.exe". • https://www.tenable.com/security/research/tra-2025-08 • CWE-824: Access of Uninitialized Pointer

CVE-2025-2265 – Santesoft Sante PACS Server HTTP.db SHA1 Hash Truncation
https://notcve.org/view.php?id=CVE-2025-2265
13 Mar 2025 — The password of a web user in "Sante PACS Server.exe" is zero-padded to 0x2000 bytes, SHA1-hashed, base64-encoded, and stored in the USER table in the SQLite database HTTP.db. However, the number of hash bytes encoded and stored is truncated if the hash contains a zero byte. • https://www.tenable.com/security/research/tra-2025-08 • CWE-916: Use of Password Hash With Insufficient Computational Effort

CVE-2025-2264 – Santesoft Sante PACS Server Path Traversal Information Disclosure
https://notcve.org/view.php?id=CVE-2025-2264
13 Mar 2025 — A Path Traversal Information Disclosure vulnerability exists in "Sante PACS Server.exe". An unauthenticated remote attacker can exploit it to download arbitrary files on the disk drive where the application is installed. • https://www.tenable.com/security/research/tra-2025-08 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2025-2263 – Santesoft Sante PACS Server Stack-based Buffer Overflow
https://notcve.org/view.php?id=CVE-2025-2263
13 Mar 2025 — During login to the web server in "Sante PACS Server.exe", the OpenSSL function EVP_DecryptUpdate is called to decrypt the username and password. A fixed 0x80-byte stack-based buffer is passed to the function as the output buffer. A stack-based buffer overflow exists if a long encrypted username or password is supplied by an unauthenticated remote attacker. • https://www.tenable.com/security/research/tra-2025-08 • CWE-121: Stack-based Buffer Overflow