MidnightBSD

Advisories for safenet-inc

CVE-2009-3861 MEDIUM

Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and 10.3.5 (Build 6), and possibly other versions before 10.8.9, allows local users to execute arbitrary code via a long string in a (1) TREENAME or (2) GROUPNAME Policy file (spd).

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
safenet-inc softremote 10.7.7
safenet-inc softremote *
safenet-inc softremote 10.8.0
safenet-inc softremote 10.8.3
safenet-inc softremote 10.8.6
safenet-inc softremote 1.9.0
safenet-inc softremote 1.7.7
safenet-inc softremote 1.8.1
safenet-inc softremote 10.3.5
safenet-inc softremote 10.8.2
safenet-inc softremote 1.7.1
safenet-inc softremote 10.8.5
safenet-inc softremote 10.8.1
safenet-inc softremote 10.8.4
safenet-inc softremote 1.7.2
safenet-inc softremote 10.8.7
CVE-2011-3339 MEDIUM

Cross-site scripting (XSS) vulnerability in the Admin Control Center in Sentinel HASP Run-time Environment 5.95 and earlier in SafeNet Sentinel HASP (formerly Aladdin HASP SRM) run-time installer before 6.x and SDK before 5.11, as used in 7 Technologies (7T) IGSS 7 and other products, when Firefox 2.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger write access to a configuration file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
safenet-inc sentinel_hasp_run-time *
safenet-inc sentinel_hasp_sdk *
7t igss 7
CVE-2014-5359 HIGH

Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (dot dot) in the GetFile parameter to owa/owa.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-22,

Products Affected

Vendor Product Version
safenet-inc safenet_authentication_service_outlook_web_access_agent *
CVE-2014-5872 MEDIUM

The SafeNetMobile Pass (aka securecomputing.devices.android.controller) application 8.3.7.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310,

Products Affected

Vendor Product Version
safenet-inc safenetmobile_pass 8.3.7.11