CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2018-15769 – RSA BSAFE Micro Edition Suite Key Management Error
https://notcve.org/view.php?id=CVE-2018-15769
12 Nov 2018 — RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used. RSA BSAFE Micro Edition Suite en versiones anteriores a la 4.0.11 (en la serie 4.0.x) y las versiones anter... • http://www.securityfocus.com/bid/105929 •
CVSS: 7.5EPSS: 1%CPEs: 23EXPL: 0CVE-2018-11054 – RSA BSAFE Micro Edition Suite / Crypto-C Micro Edition Overflow / DoS
https://notcve.org/view.php?id=CVE-2018-11054
29 Aug 2018 — RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service. RSA BSAFE Micro Edition Suite, en su versión 4.1.6, contiene una vulnerabilidad de desbordamiento de enteros. Un atacante remoto podría emplear datos ASN.1 construidos de forma maliciosa para provocar una denegación de servicio (DoS). RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition suffer from resource exha... • http://seclists.org/fulldisclosure/2018/Aug/46 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2018-11055 – RSA BSAFE Micro Edition Suite / Crypto-C Micro Edition Overflow / DoS
https://notcve.org/view.php?id=CVE-2018-11055
29 Aug 2018 — RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection. RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.0.11 (en las 4.0.x) y anteriores a la 4.1.6.1 (en las 4.1.x)... • http://seclists.org/fulldisclosure/2018/Aug/46 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.5EPSS: 1%CPEs: 24EXPL: 0CVE-2018-11056 – RSA BSAFE Micro Edition Suite / Crypto-C Micro Edition Overflow / DoS
https://notcve.org/view.php?id=CVE-2018-11056
29 Aug 2018 — RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service. RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.1.6.1 (en las 4.1.x) y RSA BSAFE Crypto-C Micro Edition en versiones anter... • http://seclists.org/fulldisclosure/2018/Aug/46 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.9EPSS: 0%CPEs: 24EXPL: 0CVE-2018-11057 – RSA BSAFE Micro Edition Suite / Crypto-C Micro Edition Overflow / DoS
https://notcve.org/view.php?id=CVE-2018-11057
29 Aug 2018 — RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key. RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.0.11 (en las 4.0.x) y anteriores a la 4.1.6.1 (en las 4.1.x) contiene una vulnerabilidad de canal de tiempo oculto durante el descifrado RSA. Esto también se conoce como at... • http://seclists.org/fulldisclosure/2018/Aug/46 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 9.8EPSS: 1%CPEs: 25EXPL: 0CVE-2018-11058 – RSA BSAFE Micro Edition Suite / Crypto-C Micro Edition Overflow / DoS
https://notcve.org/view.php?id=CVE-2018-11058
29 Aug 2018 — RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue. RSA BSAFE Micro Edition Suite, en versiones anteriores a la 4.0.11 (en las 4.0.x) y anteriores a la 4.1.6 (en las 4.1.0); y RSA BSAFE Crypto-C Micro Edition, en versiones anterio... • http://seclists.org/fulldisclosure/2018/Aug/46 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0923 – RSA BSAFE Micro Edition Suite SLOTH Updates
https://notcve.org/view.php?id=CVE-2016-0923
15 Sep 2016 — The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.9 and 4.1.x before 4.1.5 places the weakest algorithms first in a signature-algorithm list transmitted to a server, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging server behavior in which the first algorithm is used. El cliente en EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x en versiones anteriores a 4.0.9 y 4.1.x en versiones anteriores a 4.1.5 sitúa los algoritmos mas débiles pri... • http://seclists.org/bugtraq/2016/Sep/25 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0533 – RSA BSAFE Crypto Attacks / Denial of Service
https://notcve.org/view.php?id=CVE-2015-0533
17 Aug 2015 — EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger a loss of forward secrecy by omitting the ServerKeyExchange message, a similar issue to CVE-2014-3572. Vulnerabilidad en EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x en versiones anteriores a 4.0.8 y 4.1.x en versiones anteriores a 4.1.3 y RSA BSAFE SSL-C 2.8.9 y versiones anteriores, permite a servidores SSL ... • http://seclists.org/bugtraq/2015/Aug/84 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-0534 – RSA BSAFE Crypto Attacks / Denial of Service
https://notcve.org/view.php?id=CVE-2015-0534
17 Aug 2015 — EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce certain constraints on certificate data, which allows remote attackers to defeat a fingerprint-based certificate-blacklist protection mechanism by including crafted data within a certificate's unsigned portion, a similar issue to CVE-2014-8275. Vulnerabilidad en EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x en versi... • http://seclists.org/bugtraq/2015/Aug/84 • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0535 – RSA BSAFE Crypto Attacks / Denial of Service
https://notcve.org/view.php?id=CVE-2015-0535
17 Aug 2015 — EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a similar issue to CVE-2015-0204. Vulnerabilidad en EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x en versiones anteriores a 4.0.8 y 4.1.x en versiones anteriores a 4.1.3 y RSA BSAFE SSL-C ... • http://seclists.org/bugtraq/2015/Aug/84 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •