VYPR

Vendor: Thales

Products: 28 · CVEs: 37 · Across products: 37 · Status: Private

Recent CVEs: 37
  • CVE-2023-31223 · High · Apr 25, 2023
    risk 0.57 · cvss 8.7 · epss 0.01

    Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.

  • CVE-2023-26097 · High · Apr 24, 2023
    risk 0.55 · cvss 8.4 · epss 0.00

    An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be blocked.

  • CVE-2023-26098 · High · Apr 25, 2023
    risk 0.53 · cvss 8.2 · epss 0.00

    An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code.

  • CVE-2024-0197 · High · Feb 27, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.

  • CVE-2023-7016 · High · Feb 27, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    A flaw in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to execute code at a SYSTEM level via local access.

  • CVE-2023-5993 · High · Feb 27, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    A flaw in the Windows Installer in Thales SafeNet Authentication Client prior to 10.8 R10 on Windows allows an attacker to escalate their privilege level via local access.

  • CVE-2023-51711 · High · Jan 24, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    An issue in Regify Regipay Client for Windows version 4.5.1.0 allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed.

  • CVE-2022-34909 · High · Feb 27, 2023
    risk 0.50 · cvss 7.7 · epss 0.00

    An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database.

  • CVE-2021-38616 · High · Sep 7, 2021
    risk 0.50 · cvss 7.6 · epss 0.01

    In Eigen NLP 3.10.1, a lack of access control on the /auth/v1/user/{user-guid}/ user edition endpoint could permit any logged-in user to increase their own permissions via a user_permissions array in a PATCH request. A guest user could modify other users' profiles and much more.

  • CVE-2026-6805 · High · May 7, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    A vulnerability in the external sharing feature of Cryptobox allows an attacker who knows a sharing link URL to retrieve information from the server that enables an offline brute-force attack on the access code associated with this sharing link.

  • CVE-2021-38618 · High · Oct 4, 2021
    risk 0.48 · cvss 7.4 · epss 0.01

    In GFOS Workforce Management 4.8.272.1, the login page of the application is prone to authentication bypass, allowing anyone (who knows a user's credentials except the password) to get access to an account. This occurs because of JSESSIONID mismanagement.

  • CVE-2021-42138 · High · Dec 20, 2021
    risk 0.47 · cvss 7.2 · epss 0.01

    A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine.

  • CVE-2018-18466 · High · Mar 21, 2019
    risk 0.46 · cvss 7.0 · epss 0.00

    An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs (present in the DEBUG folder) that can be accessed by anyone. NOTE: The vendor disputes this…

  • CVE-2021-42056 · Medium · Jun 24, 2022
    risk 0.44 · cvss 6.7 · epss 0.01

    Thales SafeNet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high…

  • CVE-2015-1878 · Medium · Aug 18, 2017
    risk 0.44 · cvss 6.8 · epss 0.00

    Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract the device identification key [KNETI] and impersonate the nShield Connect device…

  • CVE-2021-42809 · Medium · Dec 20, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    Improper Access Control of Dynamically-Managed Code Resources (DLL) in Thales Sentinel Protection Installer could allow the execution of arbitrary code.

  • CVE-2021-42808 · Medium · Dec 20, 2021
    risk 0.42 · cvss 6.5 · epss 0.00

    Improper Access Control in Thales Sentinel Protection Installer could allow a local user to escalate privileges.

  • CVE-2021-28979 · Medium · Jun 16, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    SafeNet KeySecure Management Console 8.12.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using a specially crafted URL to cause the server to return a split response once the URL is clicked.

  • CVE-2020-28406 · Medium · Jan 29, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audit Trail Feature.

  • CVE-2020-28401 · Medium · Jan 29, 2021
    risk 0.42 · cvss 6.5 · epss 0.01

    An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to.