CVSS: 5.9EPSS: 0%CPEs: 24EXPL: 0CVE-2018-11057 – RSA BSAFE Micro Edition Suite / Crypto-C Micro Edition Overflow / DoS
https://notcve.org/view.php?id=CVE-2018-11057
29 Aug 2018 — RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.0.11 (en las 4.0.x) y anteriores a la 4.1.6.1 (en las 4.1.x) contiene una vulnerabilidad de canal de tiempo oculto durante el descifrado RSA. Esto también se conoce como at... • http://seclists.org/fulldisclosure/2018/Aug/46 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 1%CPEs: 25EXPL: 0CVE-2018-11058 – RSA BSAFE Micro Edition Suite / Crypto-C Micro Edition Overflow / DoS
https://notcve.org/view.php?id=CVE-2018-11058
29 Aug 2018 — RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue. RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.0.11 (en las 4.0.x) y anteriores a la 4.1.6 (en las 4.1.0); y RSA BSAFE Crypto-C Micro Edition, en versiones anterio... • http://seclists.org/fulldisclosure/2018/Aug/46 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-4981 – RSA BSAFE Cert-C Improper Certificate Processing
https://notcve.org/view.php?id=CVE-2017-4981
14 Jun 2017 — EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper certificate processing vulnerability. RSA BSAFE Cert-C anterior a versión 2.9.0.5 de EMC, contiene una potencial vulnerabilidad de procesamiento inapropiado de certificado. RSA BSAFE Cert-C is affected by a potential improper certificate processing vulnerability. The vulnerability is caused by a faulty certificate processing logic that may potentially cause a crash in RSA BSAFE Cert-C. Versions prior to 2.9.0.5 are affected. • http://www.securityfocus.com/archive/1/540720/30/0/threaded • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2016-8212 – RSA BSAFE Crypto-J Cryptography Failure
https://notcve.org/view.php?id=CVE-2016-8212
28 Jan 2017 — An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a nextUpdate as indicating that the OCSP response is valid indefinitely instead of restricting its validity for a brief period surrounding the thisUpdate time. • http://www.securityfocus.com/archive/1/540066/30/0/threaded • CWE-404: Improper Resource Shutdown or Release •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8217 – RSA BSAFE Crypto-J Cryptography Failure
https://notcve.org/view.php?id=CVE-2016-8217
28 Jan 2017 — EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file to the toolkit and guess the current MAC one byte at a time. This is possible because Crypto-J uses a non-constant-time method to compare the stored MAC with the calculated MAC. This vulnerability is similar to the issue described ... • http://www.securityfocus.com/archive/1/540066/30/0/threaded • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0923 – RSA BSAFE Micro Edition Suite SLOTH Updates
https://notcve.org/view.php?id=CVE-2016-0923
15 Sep 2016 — The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used. El cliente en EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x en versiones anteriores a 4.0.9 y 4.1.x en versiones anteriores a 4.1.5 sitúa los algoritmos mas débiles pri... • http://seclists.org/bugtraq/2016/Sep/25 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.9EPSS: 0%CPEs: 7EXPL: 0CVE-2016-0887 – RSA BSAFE Lenstra's Attack
https://notcve.org/view.php?id=CVE-2016-0887
11 Apr 2016 — EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session. EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x y 4.1.x en versiones anteriores a ... • http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0533 – RSA BSAFE Crypto Attacks / Denial of Service
https://notcve.org/view.php?id=CVE-2015-0533
17 Aug 2015 — EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-3572. Vulnerabilidad en EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x en versiones anteriores a 4.0.8 y 4.1.x en versiones anteriores a 4.1.3 y RSA BSAFE SSL-C 2.8.9 y versiones anteriores, permite a servidores SSL ... • http://seclists.org/bugtraq/2015/Aug/84 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-0534 – RSA BSAFE Crypto Attacks / Denial of Service
https://notcve.org/view.php?id=CVE-2015-0534
17 Aug 2015 — EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275. Vulnerabilidad en EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x en versi... • http://seclists.org/bugtraq/2015/Aug/84 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0535 – RSA BSAFE Crypto Attacks / Denial of Service
https://notcve.org/view.php?id=CVE-2015-0535
17 Aug 2015 — EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a similar issue to CVE-2015-0204. Vulnerabilidad en EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x en versiones anteriores a 4.0.8 y 4.1.x en versiones anteriores a 4.1.3 y RSA BSAFE SSL-C ... • http://seclists.org/bugtraq/2015/Aug/84 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •