EUVD-2017-3114
Malware in sbrugna...
Gemalto HASP SRM, Sentinel HASP and Sentinel LDK Cross-Site Scripting Vulnerabilities
Gemalto HASP SRM, Sentinel HASP and Sentinel LDK are products of Gemalto, Inc. Gemalto HASP SRM and Sentinel HASP are cryptographic lock drivers. License Manager service is one of the license management services. A cross-site scripting vulnerability exists in the License Manager service in Gemalt...
Cross site scripting
The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin Control Center (ACC) for cross-site scripting (XSS) vulnerability...
CVE-2018-8900
CVE-2018-8900 affects Gemalto HASP SRM, Sentinel HASP, and Sentinel LDK licenses. The License Manager service (ACC) is vulnerable to cross-site scripting (XSS) in the logs page. Affected versions are listed variably across sources: CNVD cites 2.10–7.66; NVD notes all versions prior to Sentinel LD...
Gemalto HASP SRM, Sentinel HASP and Sentinel LDK Remote Code Execution Vulnerabilities
Gemalto HASP SRM and Sentinel HASP are both cryptographic lock drivers from Gemalto, U.S.A. Sentinel LDK is a license management tool. A remote code execution vulnerability exists in Gemalto HASP SRM, Sentinel HASP, and Sentinel LDK RTE versions prior to 7.6. A remote attacker could exploit this...
CVE-2017-12822
Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors...
CVE-2017-12818
Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service...
CVE-2017-12819
Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55...
CVE-2017-12821
Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution...
Design/Logic Flaw
Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors...
Stack overflow
Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service...
CVE-2017-12822
Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors...
Memory corruption
Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 might cause remote code execution...
Null pointer dereference
Arbitrary memory read from controlled memory pointer in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to remote denial of service...
Design/Logic Flaw
Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55...
CVE-2017-12819
Remote manipulations with language pack updater lead to NTLM-relay attack for system user in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55...
CVE-2017-12822
CVE-2017-12822 affects Gemalto’s HASP SRM, Sentinel HASP and Sentinel LDK prior to Sentinel LDK RTE 7.55. The near-term root cause is an improper access control flaw that allows the administrative interface to be remotely enabled and disabled without authentication, potentially expanding the atta...
CVE-2017-12818
CVE-2017-12818 is the Sentinel/Gemalto vulnerability: a stack-based buffer overflow in the custom XML-parser of Sentinel HASP SRM, Sentinel HASP, and Sentinel LDK runtime (prior to LDK RTE 7.55). Impact per ICS-CERT: remote code execution or denial of service. Affected products include HASP SRM/...
CVE-2017-12821
CVE-2017-12821 is a memory corruption vulnerability in Gemalto SafeNet Sentinel HASP/Sentinel LDK technology (HASP SRM, Sentinel HASP, Sentinel LDK) that could lead to remote code execution. Affected component is the Sentinel LDK Run-Time Environment (RTE) prior to 7.55; exploitation would arise ...
CVE-2017-12819
CVE-2017-12819 refers to remote manipulation of the Gemalto SafeNet Sentinel language-pack updater, enabling NTLM-relay attacks for the system user in HASP SRM, Sentinel HASP and Sentinel LDK before Sentinel LDK RTE 7.55. Connected advisories corroborate remote NTLM-relay risk and advise upgradin...