Vulnerabilities > Thalesgroup
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-23 | CVE-2024-5264 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Thalesgroup Luna EFT 2.1 Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis | 6.5 |
| 2023-08-16 | CVE-2023-2737 | Incorrect Default Permissions vulnerability in Thalesgroup Safenet Authentication Service 3.4.0 Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation. | 5.5 |
| 2022-08-02 | CVE-2022-1293 | Cross-site Scripting vulnerability in Thalesgroup Citadel The embedded neutralization of Script-Related HTML Tag, was by-passed in the case of some extra conditions. | 6.1 |
| 2022-06-24 | CVE-2021-42056 | Link Following vulnerability in Thalesgroup Safenet Authentication Client 10.7.7 Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges. | 6.7 |
| 2022-06-10 | CVE-2021-42811 | Path Traversal vulnerability in Thalesgroup Safenet Keysecure 8.12.0/8.12.4 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying system on which the product is deployed. | 6.5 |
| 2022-01-19 | CVE-2021-42810 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Thalesgroup Safenet Authentication Service Remote Desktop Gateway A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed. | 7.8 |
| 2021-12-20 | CVE-2021-42138 | Insufficient Entropy vulnerability in Thalesgroup Safenet Windows Logon Agent A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine. | 6.5 |
| 2021-12-20 | CVE-2021-42808 | Unspecified vulnerability in Thalesgroup Sentinel Protection Installer 7.7.0 Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges. | 6.7 |
| 2021-12-20 | CVE-2021-42809 | Improper Control of Dynamically-Managed Code Resources vulnerability in Thalesgroup Sentinel Protection Installer 7.7.0 Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code. | 7.8 |
| 2021-06-16 | CVE-2021-32928 | Unspecified vulnerability in Thalesgroup Sentinel LDK Run-Time Environment 7.6 The Sentinel LDK Run-Time Environment installer (Versions 7.6 and prior) adds a firewall rule named “Sentinel License Manager” that allows incoming connections from private networks using TCP Port 1947. | 9.8 |