Thales
Products: 28
Recent CVEs: 37

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-31223 | | High | 0.57 | 8.7 | 0.01 | | Apr 25, 2023 | Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars. |
| CVE-2023-26097 | | High | 0.55 | 8.4 | 0.00 | | Apr 24, 2023 | An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be blocked. |
| CVE-2023-26098 | | High | 0.53 | 8.2 | 0.00 | | Apr 25, 2023 | An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code. |
| CVE-2024-0197 | | High | 0.51 | 7.8 | 0.00 | | Feb 27, 2024 | A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access. |
| CVE-2023-7016 | | High | 0.51 | 7.8 | 0.00 | | Feb 27, 2024 | A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access. |
| CVE-2023-5993 | | High | 0.51 | 7.8 | 0.00 | | Feb 27, 2024 | A flaw in the Windows Installer in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to escalate their privilege level via local access. |
| CVE-2023-51711 | | High | 0.51 | 7.8 | 0.00 | | Jan 24, 2024 | An issue was discovered in Regify Regipay Client for Windows version 4.5.1.0 allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed. |
| CVE-2022-34909 | | High | 0.50 | 7.7 | 0.00 | | Feb 27, 2023 | An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database. |
| CVE-2021-38616 | | High | 0.50 | 7.6 | 0.01 | | Sep 7, 2021 | In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more. |
| CVE-2026-6805 | | High | 0.49 | 7.5 | 0.00 | | May 7, 2026 | Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link. |
| CVE-2021-38618 | | High | 0.48 | 7.4 | 0.01 | | Oct 4, 2021 | In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement. |
| CVE-2021-42138 | | High | 0.47 | 7.2 | 0.01 | | Dec 20, 2021 | A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine. |
| CVE-2018-18466 | | High | 0.46 | 7.0 | 0.00 | | Mar 21, 2019 | An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone. NOTE: The vendor disputes this… |
| CVE-2021-42056 | | Medium | 0.44 | 6.7 | 0.01 | | Jun 24, 2022 | Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high… |
| CVE-2015-1878 | | Medium | 0.44 | 6.8 | 0.00 | | Aug 18, 2017 | Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract the device identification key [KNETI] and impersonate the nShield Connect device… |
| CVE-2021-42809 | | Medium | 0.42 | 6.5 | 0.00 | | Dec 20, 2021 | Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code. |
| CVE-2021-42808 | | Medium | 0.42 | 6.5 | 0.00 | | Dec 20, 2021 | Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges. |
| CVE-2021-28979 | | Medium | 0.42 | 6.5 | 0.01 | | Jun 16, 2021 | SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. |
| CVE-2020-28406 | | Medium | 0.42 | 6.5 | 0.01 | | Jan 29, 2021 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audit Trail Feature. |
| CVE-2020-28401 | | Medium | 0.42 | 6.5 | 0.01 | | Jan 29, 2021 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to. |