Vulnerabilities > Gemalto > Sentinel LDK RTE

DATE CVE VULNERABILITY TITLE RISK
2018-05-02 CVE-2018-8900 Cross-site Scripting vulnerability in Gemalto Sentinel LDK RTE
The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin Control Center (ACC) for cross-site scripting (XSS) vulnerability.
network
low complexity
gemalto CWE-79
6.1
2018-03-13 CVE-2018-6305 Unspecified vulnerability in Gemalto Sentinel LDK RTE
Denial of service in Gemalto's Sentinel LDK RTE version before 7.65
network
low complexity
gemalto
7.5
2018-03-13 CVE-2018-6304 Out-of-bounds Write vulnerability in Gemalto Sentinel LDK RTE
Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE version before 7.65 leads to remote denial of service
network
low complexity
gemalto CWE-787
7.5
2017-10-03 CVE-2017-11498 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gemalto Sentinel LDK RTE
Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files.
network
low complexity
gemalto CWE-119
7.5
2017-10-03 CVE-2017-11497 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gemalto Sentinel LDK RTE
Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters.
network
low complexity
gemalto CWE-119
critical
9.8
2017-10-03 CVE-2017-11496 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gemalto Sentinel LDK RTE
Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed ASN.1 streams in V2C and similar input files.
network
low complexity
gemalto CWE-119
critical
9.8