Vulnerabilities > Thalesgroup
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-23 | CVE-2024-5264 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Thalesgroup Luna EFT 2.1 Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis | 6.5 |
| 2023-08-16 | CVE-2023-2737 | Incorrect Default Permissions vulnerability in Thalesgroup Safenet Authentication Service 3.4.0 Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation. | 5.5 |
| 2022-06-24 | CVE-2021-42056 | Link Following vulnerability in Thalesgroup Safenet Authentication Client Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges. | 7.2 |
| 2022-06-10 | CVE-2021-42811 | Path Traversal vulnerability in Thalesgroup Safenet Keysecure 8.12.0 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying system on which the product is deployed. | 4.0 |
| 2022-01-19 | CVE-2021-42810 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Thalesgroup Safenet Authentication Service Remote Desktop Gateway A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed. | 7.2 |
| 2021-12-20 | CVE-2021-42138 | Insufficient Entropy vulnerability in Thalesgroup Safenet Windows Logon Agent A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine. | 3.5 |
| 2021-12-20 | CVE-2021-42808 | Unspecified vulnerability in Thalesgroup Sentinel Protection Installer 7.7.0 Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges. | 7.2 |
| 2021-12-20 | CVE-2021-42809 | Improper Control of Dynamically-Managed Code Resources vulnerability in Thalesgroup Sentinel Protection Installer 7.7.0 Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code. | 6.9 |
| 2021-06-16 | CVE-2021-32928 | Incomplete Cleanup vulnerability in Thalesgroup Sentinel LDK Run-Time Environment The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. | 7.5 |
| 2021-06-16 | CVE-2021-28979 | Injection vulnerability in Thalesgroup Safenet Keysecure 8.12.0 SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. | 4.3 |