
CVSS: 7.5 • EPSS: 1% • CPEs: 3 • EXPL: 0

17 Aug 2015 — EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allow remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero, a similar issue to CVE-2015-1787. • http://seclists.org/bugtraq/2015/Aug/84 •

CVSS: 9.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

17 Aug 2015 — Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service (memory corruption or segmentation fault) or possibly have unspecified other impact via crafted base64 data, a similar issue to CVE-2015-0292. • http://seclists.org/bugtraq/2015/Aug/84 • CWE-191: Integer Underflow (Wrap or Wraparound) •

CVSS: 5.9 • EPSS: 0% • CPEs: 7 • EXPL: 0

30 Dec 2014 — EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack." • http://archives.neohapsis.com/archives/bugtraq/2014-12/0169.html • CWE-310: Cryptographic Issues •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Jun 2014 — The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) sends a long series of random bytes during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755. • http://dualec.org • CWE-310: Cryptographic Issues •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Jun 2014 — The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) processes certain requests for output bytes by considering only the requested byte count and not the use of cached bytes, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755. • http://dualec.org • CWE-310: Cryptographic Issues •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Jun 2014 — The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than CVE-2007-6755. • http://dualec.org • CWE-310: Cryptographic Issues •

CVSS: 5.9 • EPSS: 0% • CPEs: 11 • EXPL: 0

11 Apr 2014 — EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain. RSA BSAFE MES 3.2.6... • http://archives.neohapsis.com/archives/bugtraq/2014-04/0069.html • CWE-310: Cryptographic Issues •

CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

24 Mar 2014 — The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. RSA BSAFE MES 4.0.5 contains fix for a se... • http://archives.neohapsis.com/archives/bugtraq/2014-03/0130.html • CWE-20: Improper Input Validation •

CVSS: 7.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

17 Feb 2014 — The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered. • http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html • CWE-399: Resource Management Errors •

CVSS: 7.5 • EPSS: 0% • CPEs: 6 • EXPL: 0

17 Feb 2014 — The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated. • http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html • CWE-310: Cryptographic Issues •