12 matches found
CVE-2018-11058
CVE-2018-11058 affects RSA BSAFE Micro Edition Suite (4.0.x before 4.0.11; 4.1.x before 4.1.6) and RSA BSAFE Crypto-C Micro Edition (4.0.x before 4.0.5.3). The issue is a buffer over-read when parsing ASN.1 data, exploitable by remotely crafted ASN.1 input. Connected Nessus entries (e.g., Oracle ...
CVE-2015-0533
CVE-2015-0533 concerns EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x prior to 4.0.8 and 4.1.x prior to 4.1.3, and RSA BSAFE SSL-C 2.8.9 and earlier. It allows remote SSL servers to perform an ECDHE-to-ECDH downgrade by omitting the ServerKeyExchange message, potentially harming forward secrecy. T...
CVE-2016-0923
CVE-2016-0923 affects the EMC RSA BSAFE Micro Edition Suite (MES) client. The vulnerability is that MES 4.0.x (before 4.0.9) and 4.1.x (before 4.1.5) places the weakest signature algorithms first in the signature-algorithm list sent to the server, enabling a remote attacker to defeat cryptographi...
CVE-2015-0537
CVE-2015-0537 concerns an integer underflow in the base64-decoding path of EMC RSA BSAFE MES, RSA BSAFE Crypto-C ME, and RSA BSAFE SSL-C. The issue can trigger memory corruption or a segmentation fault, enabling denial of service or potentially other impact via crafted base64 data. Affected produ...
CVE-2015-0534
CVE-2015-0534 affects multiple EMC RSA BSAFE products where certificate data in the unsigned portion can bypass a fingerprint-based blacklist, allowing remote attackers to defeat the protection mechanism. The initial entry lists affected components: MES 4.0.x (before 4.0.8) and 4.1.x (before 4.1....
CVE-2015-0535
Technical details about CVE-2015-0535 are not provided in the connected documents. Public information that is present covers FREAK generally and related CVEs, but does not specify affected products, versions, or fixes for this exact CVE. Monitor for updates.
CVE-2018-11055
RSA BSAFE Micro Edition Suite (MES) contains an Improper Clearing of Heap Memory Before Release vulnerability in MES versions 4.0.x before 4.0.11 and 4.1.x before 4.1.6.1. Decoded PKCS#12 data in heap memory is not zeroized before memory release, enabling a local attacker to access previously dec...
CVE-2018-15769
CVE-2018-15769 affects RSA BSAFE Micro Edition Suite: versions before 4.0.11 (4.0.x) and before 4.1.6.2 (4.1.x). The issue is a key management flaw that can allow a TLS server using Ephemeral/Anonymous Diffie-Hellman (DHE/ADH) ciphers to cause a Denial-of-Service on TLS clients during the handsha...
CVE-2015-0536
EMC RSA BSAFE MES 4.0.x (before 4.0.8) and 4.1.x (before 4.1.3) and RSA BSAFE SSL-C 2.8.9 and earlier are affected when client authentication and an ephemeral DH ciphersuite are enabled. A ClientKeyExchange message with length zero can cause a denial of service (daemon crash). The vulnerability i...
CVE-2018-11056
The CVE describes a DoS risk in Dell EMC RSA BSAFE Micro Edition Suite (MES) before 4.1.6.1 (4.1.x line) and RSA BSAFE Crypto-C Micro Edition before 4.0.5.3 (4.0.x line). The vulnerability is an Uncontrolled Resource Consumption (Resource Exhaustion) when parsing ASN.1 data, allowing a remote att...
CVE-2018-11054
CVE-2018-11054 affects RSA BSAFE Micro Edition Suite (MES) 4.1.6. An integer overflow vulnerability exists in the MES ASN.1 processing, allowing a remote attacker to trigger a Denial of Service by sending maliciously constructed ASN.1 data. The provided documents confirm the vulnerability details...
CVE-2018-11057
CVE-2018-11057 affects Dell EMC RSA BSAFE Micro Edition Suite (MES) versions before 4.0.11 (in 4.0.x) and before 4.1.6.1 (in 4.1.x). The vulnerability is a covert timing channel during RSA decryption, i.e., Bleichenbacher-style timing leakage, enabling a remote attacker to recover an RSA key. The...