CVE-2024-1863
CVE-2024-1863: Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability
Published: 2024-04-01
Priority: P268 | critical | 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.13% (62.5th percentile)
Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of HTTP requests on port 3000. When parsing the token parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-21539.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sante | pacs_server | — | — |
| santesoft | sante_pacs_server | < 3.3.6 | 3.3.6 |
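CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vendor_redhat | — | 5.5 | MEDIUM | — |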
GHSA
GHSA-2q9w-m9v5-rp2q: Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability
ghsa_unreviewed·2024-04-02
CVE-2024-1863 [CRITICAL] CWE-89 GHSA-2q9w-m9v5-rp2q: Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability
Red Hat
kernel: HID: core: remove unnecessary WARN_ON() in implement()
vendor_redhat·2024-07-12·CVSS 5.5
CVE-2024-39509 [MEDIUM] kernel: HID: core: remove unnecessary WARN_ON() in implement()
In the Linux kernel, the following vulnerability has been resolved:
HID: core: remove unnecessary WARN_ON() in implement()
Syzkaller hit a warning [1] in a call to implement() when trying
to write a value into a field of smaller size in an output report.
Since implement() already has a warn message printed out with the
help of hid_warn() and value in question gets trimmed with:
...
value &= m;
...
WARN_ON may be considered superfluous. Remove it to suppress future
syzkaller triggers.
[1]
WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 implement drivers/hid/hid-core.c:1451 [inline]
WARNING: CPU: 0 PID: 5084 at drivers/hid/hid-core.c:1451 hid_output_report+0x548/0x760 drivers/hid/hid-core.c:1863
Modules linked in:
CPU:
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.