Safenet-incCVEs & Vulnerabilities

5 CVEs affecting Safenet-inc products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

softremote 28safenet authentication service outlook web access agent 1safenetmobile pass 1sentinel hasp run-time 1sentinel hasp sdk 1softremote1.4 1
CVE-2014-5359HIGH

Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (dot dot) in the GetFile parameter to owa/owa.

16 Dec 2014
7.8
CVSS
CVE-2014-5872MEDIUM

The SafeNetMobile Pass (aka securecomputing.devices.android.controller) application 8.3.7.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

11 Sep 2014
5.4
CVSS
CVE-2011-3339MEDIUM

Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other products, when Firefox 2.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger write access to a configuration file.

17 Dec 2011
4.3
CVSS
CVE-2009-3861MEDIUMpoc

Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and 10.3.5 (Build 6), and possibly other versions before 10.8.9, allows local users to execute arbitrary code via a long string in a (1) TREENAME or (2) GROUPNAME Policy file (spd).

4 Nov 2009
6.9
CVSS
CVE-2009-1943CRITICALpoc

Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet SoftRemote before 10.8.6 allows remote attackers to execute arbitrary code via a long request to UDP port 62514.

6 Jun 2009
10.0
CVSS
← PrevPage 1 / 1Next →