Vendor CVEs
Safenet
All CVEs
26 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7967 | Hig | 0.51 | 7.8 | 0.00 | Mar 2, 2018 | SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | ||
| CVE-2015-7966 | Hig | 0.51 | 7.8 | 0.00 | Mar 2, 2018 | SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965. | ||
| CVE-2015-7965 | Hig | 0.51 | 7.8 | 0.00 | Mar 2, 2018 | SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7966. | ||
| CVE-2015-7964 | Hig | 0.51 | 7.8 | 0.00 | Mar 2, 2018 | SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | ||
| CVE-2015-7963 | Hig | 0.51 | 7.8 | 0.00 | Mar 2, 2018 | SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | ||
| CVE-2015-7962 | Hig | 0.51 | 7.8 | 0.00 | Mar 2, 2018 | SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | ||
| CVE-2015-7961 | Hig | 0.51 | 7.8 | 0.00 | Mar 2, 2018 | SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | ||
| CVE-2015-7598 | Hig | 0.51 | 7.8 | 0.00 | Mar 2, 2018 | SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | ||
| CVE-2015-7597 | Hig | 0.51 | 7.8 | 0.00 | Mar 2, 2018 | SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | ||
| CVE-2015-7596 | Hig | 0.51 | 7.8 | 0.00 | Mar 2, 2018 | SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | ||
| CVE-2009-1943 | 0.09 | — | 0.72 | Jun 5, 2009 | Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet SoftRemote before 10.8.6 allows remote attackers to execute arbitrary code via a long request to UDP port 62514. | |||
| CVE-2005-0353 | 0.09 | — | 0.71 | May 2, 2005 | Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel License Manager 7.2.0.2 allows remote attackers to execute arbitrary code by sending a large amount of data to UDP port 5093. | |||
| CVE-2007-6483 | 0.04 | — | 0.10 | Dec 20, 2007 | Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the query string. | |||
| CVE-2007-3157 | 0.04 | — | 0.09 | Jun 11, 2007 | IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12, and SoftRemote, allows remote attackers to cause a denial of service (infinite loop and system hang) via an invalid packet with certain bytes in an option header, possibly related to the IPv6 support for… | |||
| CVE-2009-3861 | 0.03 | — | 0.04 | Nov 4, 2009 | Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and 10.3.5 (Build 6), and possibly other versions before 10.8.9, allows local users to execute arbitrary code via a long string in a (1) TREENAME or (2) GROUPNAME Policy file (spd). | |||
| CVE-2008-5121 | 0.03 | — | 0.01 | Nov 18, 2008 | dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl… | |||
| CVE-2008-0760 | 0.03 | — | 0.03 | Feb 13, 2008 | Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. NOTE: this issue reportedly exists because of an… | |||
| CVE-2008-0573 | 0.03 | — | 0.01 | Feb 5, 2008 | IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote allows local users to gain privileges via a crafted IPSECDRV_IOCTL IOCTL request. | |||
| CVE-2021-28979 | 0.00 | — | 0.01 | Jun 16, 2021 | SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. | |||
| CVE-2019-18232 | 0.00 | — | 0.00 | Dec 11, 2019 | SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using… | |||
| CVE-2019-15809 | 0.00 | — | 0.00 | Oct 3, 2019 | Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to… | |||
| CVE-2014-5359 | 0.00 | — | 0.04 | Dec 16, 2014 | Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (dot dot) in the GetFile parameter to owa/owa. | |||
| CVE-2014-5872 | 0.00 | — | 0.00 | Sep 11, 2014 | The SafeNetMobile Pass (aka securecomputing.devices.android.controller) application 8.3.7.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||
| CVE-2011-3339 | 0.00 | — | 0.01 | Dec 17, 2011 | Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other… | |||
| CVE-2005-0346 | 0.00 | — | 0.00 | May 2, 2005 | SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) in cleartext in memory of the IreIKE.exe process, which allows local users to gain sensitive information if they have access to that process. | |||
| CVE-2002-2225 | 0.00 | — | 0.03 | Dec 31, 2002 | SafeNet VPN client allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly involving buffer overflows using (1) a large Security Parameter Index (SPI) field, (2) a large number of… |
- risk 0.51cvss 7.8epss 0.00
SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- risk 0.51cvss 7.8epss 0.00
SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965.
- risk 0.51cvss 7.8epss 0.00
SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7966.
- risk 0.51cvss 7.8epss 0.00
SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- risk 0.51cvss 7.8epss 0.00
SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- risk 0.51cvss 7.8epss 0.00
SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- risk 0.51cvss 7.8epss 0.00
SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- risk 0.51cvss 7.8epss 0.00
SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- risk 0.51cvss 7.8epss 0.00
SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- risk 0.51cvss 7.8epss 0.00
SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module.
- CVE-2009-1943Jun 5, 2009risk 0.09cvss —epss 0.72
Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet SoftRemote before 10.8.6 allows remote attackers to execute arbitrary code via a long request to UDP port 62514.
- CVE-2005-0353May 2, 2005risk 0.09cvss —epss 0.71
Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel License Manager 7.2.0.2 allows remote attackers to execute arbitrary code by sending a large amount of data to UDP port 5093.
- CVE-2007-6483Dec 20, 2007risk 0.04cvss —epss 0.10
Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.0.0 through 7.4.0 and possibly earlier versions, and Sentinel Keys Server 1.0.3 and possibly earlier versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the query string.
- CVE-2007-3157Jun 11, 2007risk 0.04cvss —epss 0.09
IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12, and SoftRemote, allows remote attackers to cause a denial of service (infinite loop and system hang) via an invalid packet with certain bytes in an option header, possibly related to the IPv6 support for…
- CVE-2009-3861Nov 4, 2009risk 0.03cvss —epss 0.04
Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and 10.3.5 (Build 6), and possibly other versions before 10.8.9, allows local users to execute arbitrary code via a long string in a (1) TREENAME or (2) GROUPNAME Policy file (spd).
- CVE-2008-5121Nov 18, 2008risk 0.03cvss —epss 0.01
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl…
- CVE-2008-0760Feb 13, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in SafeNet Sentinel Protection Server 7.4.1.0 and earlier, and Sentinel Keys Server 1.0.4.0 and earlier, allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI. NOTE: this issue reportedly exists because of an…
- CVE-2008-0573Feb 5, 2008risk 0.03cvss —epss 0.01
IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote allows local users to gain privileges via a crafted IPSECDRV_IOCTL IOCTL request.
- CVE-2021-28979Jun 16, 2021risk 0.00cvss —epss 0.01
SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked.
- CVE-2019-18232Dec 11, 2019risk 0.00cvss —epss 0.00
SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using…
- CVE-2019-15809Oct 3, 2019risk 0.00cvss —epss 0.00
Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to…
- CVE-2014-5359Dec 16, 2014risk 0.00cvss —epss 0.04
Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (dot dot) in the GetFile parameter to owa/owa.
- CVE-2014-5872Sep 11, 2014risk 0.00cvss —epss 0.00
The SafeNetMobile Pass (aka securecomputing.devices.android.controller) application 8.3.7.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- CVE-2011-3339Dec 17, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other…
- CVE-2005-0346May 2, 2005risk 0.00cvss —epss 0.00
SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) in cleartext in memory of the IreIKE.exe process, which allows local users to gain sensitive information if they have access to that process.
- CVE-2002-2225Dec 31, 2002risk 0.00cvss —epss 0.03
SafeNet VPN client allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly involving buffer overflows using (1) a large Security Parameter Index (SPI) field, (2) a large number of…