Vulnerabilities > Thalesgroup
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-23 | CVE-2024-5264 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Thalesgroup Luna EFT 2.1 Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis | 6.5 |
| 2024-02-27 | CVE-2024-0197 | Unspecified vulnerability in Thalesgroup Sentinel Hasp LDK A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access. | 7.8 |
| 2024-02-27 | CVE-2023-5993 | Unspecified vulnerability in Thalesgroup Safenet Authentication Client 10.7.7/10.8 A flaw in the Windows Installer in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to escalate their privilege level via local access. | 7.8 |
| 2024-02-27 | CVE-2023-7016 | Unspecified vulnerability in Thalesgroup Safenet Authentication Client 10.7.7/10.8 A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access. | 7.8 |
| 2023-08-16 | CVE-2023-2737 | Incorrect Default Permissions vulnerability in Thalesgroup Safenet Authentication Service 3.4.0 Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation. | 5.5 |
| 2022-08-02 | CVE-2022-1293 | Cross-site Scripting vulnerability in Thalesgroup Citadel The embedded neutralization of Script-Related HTML Tag, was by-passed in the case of some extra conditions. | 6.1 |
| 2022-06-24 | CVE-2021-42056 | Link Following vulnerability in Thalesgroup Safenet Authentication Client 10.7.7 Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges. | 6.7 |
| 2022-06-10 | CVE-2021-42811 | Path Traversal vulnerability in Thalesgroup Safenet Keysecure 8.12.0/8.12.4 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying system on which the product is deployed. | 6.5 |
| 2022-01-19 | CVE-2021-42810 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Thalesgroup Safenet Authentication Service Remote Desktop Gateway A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed. | 7.8 |
| 2021-12-20 | CVE-2021-42138 | Insufficient Entropy vulnerability in Thalesgroup Safenet Windows Logon Agent A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine. | 6.5 |