Vulnerabilities > Thalesgroup > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-05-23 | CVE-2024-5264 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Thalesgroup Luna EFT 2.1 | Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis | 6.5 |
2023-08-16 | CVE-2023-2737 | Incorrect Default Permissions vulnerability in Thalesgroup Safenet Authentication Service 3.4.0 | Improper log permissions in SafeNet Authentication Service Version 3.4.0 on Windows allows an authenticated attacker to cause a denial of service via local privilege escalation. | 5.5 |
2022-08-02 | CVE-2022-1293 | Cross-site Scripting vulnerability in Thalesgroup Citadel | The embedded neutralization of Script-Related HTML Tag was bypassed in the case of some extra conditions. | 6.1 |
2022-06-24 | CVE-2021-42056 | Link Following vulnerability in Thalesgroup Safenet Authentication Client 10.7.7 | Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges. | 6.7 |
2022-06-10 | CVE-2021-42811 | Path Traversal vulnerability in Thalesgroup Safenet Keysecure 8.12.0/8.12.4 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying system on which the product is deployed. | 6.5 |
2021-12-20 | CVE-2021-42138 | Insufficient Entropy vulnerability in Thalesgroup Safenet Windows Logon Agent | A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine. | 6.5 |
2021-12-20 | CVE-2021-42808 | Unspecified vulnerability in Thalesgroup Sentinel Protection Installer 7.7.0 | Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges. | 6.7 |
2021-06-16 | CVE-2021-28979 | Injection vulnerability in Thalesgroup Safenet Keysecure 8.12.0 | SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. | 6.5 |
2020-08-21 | CVE-2020-15858 | Path Traversal vulnerability in Thalesgroup products | Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers. | 6.4 |
2019-10-03 | CVE-2019-15809 | Information Exposure Through Discrepancy vulnerability in multiple products | Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. | 4.7 |