Vulnerabilites related to dell - bsafe_crypto-c-micro-edition
cve-2019-3728
Vulnerability from cvelistv5
Published
2019-09-30 21:48
Modified
2024-09-17 03:03
Severity ?
EPSS score ?
Summary
RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x) and 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions prior to 4.0.13 (in 4.0.x) and prior to 4.4 (in 4.1.x, 4.2.x, 4.3.x) are vulnerable to a Buffer Over-read vulnerability when processing DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dell.com/support/kbdoc/000194054 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Dell | RSA BSAFE Crypto-C Micro Edition |
Version: unspecified < 4.1.4 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:19:17.519Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/000194054", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "RSA BSAFE Crypto-C Micro Edition", vendor: "Dell", versions: [ { lessThan: "4.1.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "RSA BSAFE MES", vendor: "Dell", versions: [ { lessThan: "4.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-09-12T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x) and 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions prior to 4.0.13 (in 4.0.x) and prior to 4.4 (in 4.1.x, 4.2.x, 4.3.x) are vulnerable to a Buffer Over-read vulnerability when processing DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-02-04T22:32:47", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.dell.com/support/kbdoc/000194054", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2019-09-12", ID: "CVE-2019-3728", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "RSA BSAFE Crypto-C Micro Edition", version: { version_data: [ { version_affected: "<", version_value: "4.1.4", }, ], }, }, { product_name: "RSA BSAFE MES", version: { version_data: [ { version_affected: "<", version_value: "4.4", }, ], }, }, ], }, vendor_name: "Dell", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x) and 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions prior to 4.0.13 (in 4.0.x) and prior to 4.4 (in 4.1.x, 4.2.x, 4.3.x) are vulnerable to a Buffer Over-read vulnerability when processing DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system.", }, ], }, impact: { cvss: { baseScore: 7.5, baseSeverity: "High", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-125: Out-of-bounds Read", }, ], }, ], }, references: { reference_data: [ { name: "https://www.dell.com/support/kbdoc/000194054", refsource: "MISC", url: "https://www.dell.com/support/kbdoc/000194054", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2019-3728", datePublished: "2019-09-30T21:48:40.164927Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-17T03:03:11.526Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-3733
Vulnerability from cvelistv5
Published
2019-09-30 21:48
Modified
2024-09-16 23:20
Severity ?
EPSS score ?
Summary
RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dell.com/support/kbdoc/000194054 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Dell | RSA BSAFE Crypto-C Micro Edition |
Version: unspecified < 4.1.4 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:19:18.281Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/000194054", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "RSA BSAFE Crypto-C Micro Edition", vendor: "Dell", versions: [ { lessThan: "4.1.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "RSA BSAFE MES", vendor: "Dell", versions: [ { lessThan: "4.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-09-12T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-316", description: "CWE-316: Cleartext Storage of Sensitive Information in Memory", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-02-04T22:32:52", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.dell.com/support/kbdoc/000194054", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2019-09-12", ID: "CVE-2019-3733", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "RSA BSAFE Crypto-C Micro Edition", version: { version_data: [ { version_affected: "<", version_value: "4.1.4", }, ], }, }, { product_name: "RSA BSAFE MES", version: { version_data: [ { version_affected: "<", version_value: "4.4", }, ], }, }, ], }, vendor_name: "Dell", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.", }, ], }, impact: { cvss: { baseScore: 4.4, baseSeverity: "Medium", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-316: Cleartext Storage of Sensitive Information in Memory", }, ], }, ], }, references: { reference_data: [ { name: "https://www.dell.com/support/kbdoc/000194054", refsource: "MISC", url: "https://www.dell.com/support/kbdoc/000194054", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2019-3733", datePublished: "2019-09-30T21:48:40.378291Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T23:20:53.121Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-28074
Vulnerability from cvelistv5
Published
2024-07-31 07:56
Modified
2024-08-20 16:31
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Dell | Dell BSAFE Micro Edition Suite |
Version: 5.0 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2023-28074", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-01T17:45:55.850147Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-01T17:46:14.672Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Dell BSAFE Micro Edition Suite", vendor: "Dell", versions: [ { status: "affected", version: "5.0", }, ], }, { defaultStatus: "unaffected", product: "Dell BSAFE Micro Edition Suite", vendor: "Dell", versions: [ { lessThanOrEqual: "4.6.1", status: "affected", version: "4.0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "Dell BSAFE Crypto-C Micro Edition", vendor: "Dell", versions: [ { lessThanOrEqual: "4.1.5", status: "affected", version: "4.0", versionType: "semver", }, ], }, ], datePublic: "2023-04-13T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure.", }, ], value: "Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-20T16:31:10.234Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000212325/dsa-2023-120-dell-bsafe-micro-edition-suite-security-update", }, ], source: { discovery: "UNKNOWN", }, workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "This issue can be mitigated by a workaround, if customer’s implementations are deemed to be vulnerable. Customers with an active maintenance contract can contact BSAFE Support for details about the workaround.<br>", }, ], value: "This issue can be mitigated by a workaround, if customer’s implementations are deemed to be vulnerable. Customers with an active maintenance contract can contact BSAFE Support for details about the workaround.", }, ], x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2023-28074", datePublished: "2024-07-31T07:56:01.652Z", dateReserved: "2023-03-10T05:07:55.140Z", dateUpdated: "2024-08-20T16:31:10.234Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-29506
Vulnerability from cvelistv5
Published
2022-07-11 19:25
Modified
2024-09-17 00:06
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell BSAFE Crypto-C Micro Edition |
Version: unspecified < 4.1.5 and 4.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:55:10.563Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Dell BSAFE Crypto-C Micro Edition", vendor: "Dell", versions: [ { lessThan: "4.1.5 and 4.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2020-07-06T00:00:00", descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-385", description: "CWE-385: Covert Timing Channel", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:17:53", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2020-07-06", ID: "CVE-2020-29506", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Dell BSAFE Crypto-C Micro Edition", version: { version_data: [ { version_affected: "<", version_value: "4.1.5 and 4.6", }, ], }, }, ], }, vendor_name: "Dell", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.", }, ], }, impact: { cvss: { baseScore: 6.8, baseSeverity: "Medium", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-385: Covert Timing Channel", }, ], }, ], }, references: { reference_data: [ { name: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", refsource: "MISC", url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2020-29506", datePublished: "2022-07-11T19:25:21.332861Z", dateReserved: "2020-12-03T00:00:00", dateUpdated: "2024-09-17T00:06:38.373Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35169
Vulnerability from cvelistv5
Published
2022-07-11 19:26
Modified
2024-09-16 17:37
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell BSAFE Crypto-C Micro Edition |
Version: unspecified < 4.1.5 and 4.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:02:06.723Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Dell BSAFE Crypto-C Micro Edition", vendor: "Dell", versions: [ { lessThan: "4.1.5 and 4.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2020-07-06T00:00:00", descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-347", description: "CWE-347: Improper Verification of Cryptographic Signature", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:19:32", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2020-07-06", ID: "CVE-2020-35169", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Dell BSAFE Crypto-C Micro Edition", version: { version_data: [ { version_affected: "<", version_value: "4.1.5 and 4.6", }, ], }, }, ], }, vendor_name: "Dell", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.", }, ], }, impact: { cvss: { baseScore: 9.1, baseSeverity: "Critical", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-347: Improper Verification of Cryptographic Signature", }, ], }, ], }, references: { reference_data: [ { name: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", refsource: "MISC", url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2020-35169", datePublished: "2022-07-11T19:26:03.078535Z", dateReserved: "2020-12-11T00:00:00", dateUpdated: "2024-09-16T17:37:40.623Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35166
Vulnerability from cvelistv5
Published
2022-07-11 19:25
Modified
2024-09-17 01:56
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Dell | BSAFE Crypto-C Micro Edition |
Version: 0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:55:10.690Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "BSAFE Crypto-C Micro Edition", vendor: "Dell", versions: [ { lessThan: "4.1.5", status: "affected", version: "0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "Dell BSAFE Micro Edition Suite", vendor: "Dell", versions: [ { lessThan: "4.6", status: "affected", version: "0", versionType: "semver", }, ], }, ], datePublic: "2019-09-10T18:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, </span><span style=\"background-color: rgb(255, 255, 255);\">versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.</span>\n\n<br></p>", }, ], value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-385", description: "CWE-385: Covert Timing Channel", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-05T17:01:19.126Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2020-07-06", ID: "CVE-2020-35166", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Dell BSAFE Crypto-C Micro Edition", version: { version_data: [ { version_affected: "<", version_value: "4.1.5 or later", }, ], }, }, ], }, vendor_name: "Dell", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.", }, ], }, impact: { cvss: { baseScore: 5.1, baseSeverity: "Medium", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-385: Covert Timing Channel", }, ], }, ], }, references: { reference_data: [ { name: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", refsource: "MISC", url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2020-35166", datePublished: "2022-07-11T19:25:46.298334Z", dateReserved: "2020-12-11T00:00:00", dateUpdated: "2024-09-17T01:56:17.672Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35167
Vulnerability from cvelistv5
Published
2022-07-11 19:25
Modified
2024-09-16 20:36
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell BSAFE Crypto-C Micro Edition |
Version: unspecified < 4.1.5 or 4.1.4.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:55:10.931Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Dell BSAFE Crypto-C Micro Edition", vendor: "Dell", versions: [ { lessThan: "4.1.5 or 4.1.4.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2020-07-06T00:00:00", descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200: Information Exposure", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:19:14", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2020-07-06", ID: "CVE-2020-35167", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Dell BSAFE Crypto-C Micro Edition", version: { version_data: [ { version_affected: "<", version_value: "4.1.5 or 4.1.4.1", }, ], }, }, ], }, vendor_name: "Dell", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.", }, ], }, impact: { cvss: { baseScore: 4.8, baseSeverity: "Medium", vectorString: "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-200: Information Exposure", }, ], }, ], }, references: { reference_data: [ { name: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", refsource: "MISC", url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2020-35167", datePublished: "2022-07-11T19:25:51.197478Z", dateReserved: "2020-12-11T00:00:00", dateUpdated: "2024-09-16T20:36:20.648Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35168
Vulnerability from cvelistv5
Published
2022-07-11 19:25
Modified
2024-09-16 16:33
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell BSAFE Crypto-C Micro Edition |
Version: unspecified < 4.1.5, 4.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T17:02:06.968Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Dell BSAFE Crypto-C Micro Edition", vendor: "Dell", versions: [ { lessThan: "4.1.5, 4.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2020-07-06T00:00:00", descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-311", description: "CWE-311: Missing Encryption of Sensitive Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:19:24", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2020-07-06", ID: "CVE-2020-35168", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Dell BSAFE Crypto-C Micro Edition", version: { version_data: [ { version_affected: "<", version_value: "4.1.5, 4.6", }, ], }, }, ], }, vendor_name: "Dell", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.", }, ], }, impact: { cvss: { baseScore: 4.7, baseSeverity: "Medium", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-311: Missing Encryption of Sensitive Data", }, ], }, ], }, references: { reference_data: [ { name: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", refsource: "MISC", url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2020-35168", datePublished: "2022-07-11T19:25:57.203951Z", dateReserved: "2020-12-11T00:00:00", dateUpdated: "2024-09-16T16:33:23.108Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35163
Vulnerability from cvelistv5
Published
2022-07-11 19:25
Modified
2024-09-17 02:27
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell BSAFE Crypto-C Micro Edition |
Version: unspecified < 4.1.5, 4.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:55:10.642Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Dell BSAFE Crypto-C Micro Edition", vendor: "Dell", versions: [ { lessThan: "4.1.5, 4.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2020-07-06T00:00:00", descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-330", description: "CWE-330: Use of Insufficiently Random Values", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:18:45", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2020-07-06", ID: "CVE-2020-35163", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Dell BSAFE Crypto-C Micro Edition", version: { version_data: [ { version_affected: "<", version_value: "4.1.5, 4.6", }, ], }, }, ], }, vendor_name: "Dell", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.", }, ], }, impact: { cvss: { baseScore: 5.3, baseSeverity: "Medium", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-330: Use of Insufficiently Random Values", }, ], }, ], }, references: { reference_data: [ { name: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", refsource: "MISC", url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2020-35163", datePublished: "2022-07-11T19:25:36.649710Z", dateReserved: "2020-12-11T00:00:00", dateUpdated: "2024-09-17T02:27:00.885Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35164
Vulnerability from cvelistv5
Published
2022-07-11 19:25
Modified
2024-09-16 20:51
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell BSAFE Crypto-C Micro Edition |
Version: unspecified < 4.1.5 and 4.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:55:10.706Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Dell BSAFE Crypto-C Micro Edition", vendor: "Dell", versions: [ { lessThan: "4.1.5 and 4.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2020-07-06T00:00:00", descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-385", description: "CWE-385: Covert Timing Channel", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:18:56", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2020-07-06", ID: "CVE-2020-35164", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Dell BSAFE Crypto-C Micro Edition", version: { version_data: [ { version_affected: "<", version_value: "4.1.5 and 4.6", }, ], }, }, ], }, vendor_name: "Dell", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.", }, ], }, impact: { cvss: { baseScore: 6.7, baseSeverity: "Medium", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-385: Covert Timing Channel", }, ], }, ], }, references: { reference_data: [ { name: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", refsource: "MISC", url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2020-35164", datePublished: "2022-07-11T19:25:40.941373Z", dateReserved: "2020-12-11T00:00:00", dateUpdated: "2024-09-16T20:51:39.336Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-3731
Vulnerability from cvelistv5
Published
2019-09-30 21:48
Modified
2024-09-16 23:56
Severity ?
EPSS score ?
Summary
RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dell.com/support/kbdoc/000194054 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Dell | RSA BSAFE Crypto-C Micro Edition |
Version: unspecified < 4.1.4 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:19:17.482Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/000194054", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "RSA BSAFE Crypto-C Micro Edition", vendor: "Dell", versions: [ { lessThan: "4.1.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "RSA BSAFE MES", vendor: "Dell", versions: [ { lessThan: "4.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-09-12T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-310", description: "CWE-310: Cryptographic Issues", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-02-04T22:32:50", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.dell.com/support/kbdoc/000194054", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2019-09-12", ID: "CVE-2019-3731", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "RSA BSAFE Crypto-C Micro Edition", version: { version_data: [ { version_affected: "<", version_value: "4.1.4", }, ], }, }, { product_name: "RSA BSAFE MES", version: { version_data: [ { version_affected: "<", version_value: "4.4", }, ], }, }, ], }, vendor_name: "Dell", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.", }, ], }, impact: { cvss: { baseScore: 5.9, baseSeverity: "Medium", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-310: Cryptographic Issues", }, ], }, ], }, references: { reference_data: [ { name: "https://www.dell.com/support/kbdoc/000194054", refsource: "MISC", url: "https://www.dell.com/support/kbdoc/000194054", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2019-3731", datePublished: "2019-09-30T21:48:40.294314Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T23:56:35.629Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-29507
Vulnerability from cvelistv5
Published
2022-07-11 19:25
Modified
2024-09-16 20:22
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell BSAFE Crypto-C Micro Edition |
Version: unspecified < 4.1.5 and 4.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:55:09.940Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Dell BSAFE Crypto-C Micro Edition", vendor: "Dell", versions: [ { lessThan: "4.1.5 and 4.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2020-07-06T00:00:00", descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:18:08", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2020-07-06", ID: "CVE-2020-29507", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Dell BSAFE Crypto-C Micro Edition", version: { version_data: [ { version_affected: "<", version_value: "4.1.5 and 4.6", }, ], }, }, ], }, vendor_name: "Dell", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.", }, ], }, impact: { cvss: { baseScore: 5.3, baseSeverity: "Medium", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20: Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", refsource: "MISC", url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2020-29507", datePublished: "2022-07-11T19:25:26.309406Z", dateReserved: "2020-12-03T00:00:00", dateUpdated: "2024-09-16T20:22:19.654Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-3732
Vulnerability from cvelistv5
Published
2019-09-30 21:48
Modified
2024-09-16 16:37
Severity ?
EPSS score ?
Summary
RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.dell.com/support/kbdoc/000194054 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Dell | RSA BSAFE Crypto-C Micro Edition |
Version: unspecified < 4.1.4 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T19:19:17.604Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/000194054", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "RSA BSAFE Crypto-C Micro Edition", vendor: "Dell", versions: [ { lessThan: "4.1.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, { product: "RSA BSAFE MES", vendor: "Dell", versions: [ { lessThan: "4.4", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2019-09-12T00:00:00", descriptions: [ { lang: "en", value: "RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-385", description: "CWE-385: Covert Timing Channel", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-02-04T22:32:51", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.dell.com/support/kbdoc/000194054", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2019-09-12", ID: "CVE-2019-3732", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "RSA BSAFE Crypto-C Micro Edition", version: { version_data: [ { version_affected: "<", version_value: "4.1.4", }, ], }, }, { product_name: "RSA BSAFE MES", version: { version_data: [ { version_affected: "<", version_value: "4.4", }, ], }, }, ], }, vendor_name: "Dell", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.", }, ], }, impact: { cvss: { baseScore: 5.9, baseSeverity: "Medium", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-385: Covert Timing Channel", }, ], }, ], }, references: { reference_data: [ { name: "https://www.dell.com/support/kbdoc/000194054", refsource: "MISC", url: "https://www.dell.com/support/kbdoc/000194054", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2019-3732", datePublished: "2019-09-30T21:48:40.337065Z", dateReserved: "2019-01-03T00:00:00", dateUpdated: "2024-09-16T16:37:45.300Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-29505
Vulnerability from cvelistv5
Published
2022-07-11 19:25
Modified
2024-09-16 22:09
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell BSAFE Crypto-C Micro Edition |
Version: unspecified < 4.1.5 and 4.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:55:09.925Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Dell BSAFE Crypto-C Micro Edition", vendor: "Dell", versions: [ { lessThan: "4.1.5 and 4.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2022-07-06T00:00:00", descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-331", description: "CWE-331: Insufficient Entropy", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:17:43", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2022-07-06", ID: "CVE-2020-29505", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Dell BSAFE Crypto-C Micro Edition", version: { version_data: [ { version_affected: "<", version_value: "4.1.5 and 4.6", }, ], }, }, ], }, vendor_name: "Dell", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability.", }, ], }, impact: { cvss: { baseScore: 7.1, baseSeverity: "High", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-331: Insufficient Entropy", }, ], }, ], }, references: { reference_data: [ { name: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", refsource: "MISC", url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2020-29505", datePublished: "2022-07-11T19:25:17.304277Z", dateReserved: "2020-12-03T00:00:00", dateUpdated: "2024-09-16T22:09:51.306Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2016-0887
Vulnerability from cvelistv5
Published
2016-04-12 23:00
Modified
2024-08-05 22:38
Severity ?
EPSS score ?
Summary
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/bugtraq/2016/Apr/66 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1035515 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/538055/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securitytracker.com/id/1035516 | vdb-entry, x_refsource_SECTRACK | |
| http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html | x_refsource_MISC | |
| http://www.securitytracker.com/id/1035517 | vdb-entry, x_refsource_SECTRACK |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T22:38:39.964Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "20160411 ESA-2016-013: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://seclists.org/bugtraq/2016/Apr/66", }, { name: "1035515", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035515", }, { name: "20160411 ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra?s Attack Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/538055/100/0/threaded", }, { name: "1035516", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035516", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html", }, { name: "1035517", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://www.securitytracker.com/id/1035517", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2016-04-11T00:00:00", descriptions: [ { lang: "en", value: "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-09T18:57:01", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { name: "20160411 ESA-2016-013: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://seclists.org/bugtraq/2016/Apr/66", }, { name: "1035515", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035515", }, { name: "20160411 ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra?s Attack Vulnerability", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/538055/100/0/threaded", }, { name: "1035516", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035516", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html", }, { name: "1035517", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://www.securitytracker.com/id/1035517", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security_alert@emc.com", ID: "CVE-2016-0887", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "20160411 ESA-2016-013: RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra's Attack Vulnerability", refsource: "BUGTRAQ", url: "http://seclists.org/bugtraq/2016/Apr/66", }, { name: "1035515", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035515", }, { name: "20160411 ESA-2016-013: RSA BSAFE® Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C Lenstra?s Attack Vulnerability", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/538055/100/0/threaded", }, { name: "1035516", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035516", }, { name: "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html", }, { name: "1035517", refsource: "SECTRACK", url: "http://www.securitytracker.com/id/1035517", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2016-0887", datePublished: "2016-04-12T23:00:00", dateReserved: "2015-12-17T00:00:00", dateUpdated: "2024-08-05T22:38:39.964Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-6755
Vulnerability from cvelistv5
Published
2013-10-11 22:00
Modified
2024-08-07 16:18
Severity ?
EPSS score ?
Summary
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
References
| ▼ | URL | Tags |
|---|---|---|
| http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html | x_refsource_MISC | |
| http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/ | x_refsource_MISC | |
| https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html | x_refsource_MISC | |
| http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html | x_refsource_MISC | |
| http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect | x_refsource_MISC | |
| http://www.securityfocus.com/bid/63657 | vdb-entry, x_refsource_BID | |
| http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/ | x_refsource_MISC | |
| http://rump2007.cr.yp.to/15-shumow.pdf | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T16:18:20.583Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect", }, { name: "63657", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/63657", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://rump2007.cr.yp.to/15-shumow.pdf", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-08-21T00:00:00", descriptions: [ { lang: "en", value: "The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2016-11-25T19:57:01", orgId: "43595867-4340-4103-b7a2-9a5208d29a85", shortName: "oracle", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html", }, { tags: [ "x_refsource_MISC", ], url: "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html", }, { tags: [ "x_refsource_MISC", ], url: "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html", }, { tags: [ "x_refsource_MISC", ], url: "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect", }, { name: "63657", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/63657", }, { tags: [ "x_refsource_MISC", ], url: "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/", }, { tags: [ "x_refsource_MISC", ], url: "http://rump2007.cr.yp.to/15-shumow.pdf", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert_us@oracle.com", ID: "CVE-2007-6755", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html", refsource: "MISC", url: "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html", }, { name: "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/", refsource: "MISC", url: "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/", }, { name: "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html", refsource: "MISC", url: "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html", }, { name: "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html", refsource: "MISC", url: "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html", }, { name: "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect", refsource: "MISC", url: "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect", }, { name: "63657", refsource: "BID", url: "http://www.securityfocus.com/bid/63657", }, { name: "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/", refsource: "MISC", url: "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/", }, { name: "http://rump2007.cr.yp.to/15-shumow.pdf", refsource: "MISC", url: "http://rump2007.cr.yp.to/15-shumow.pdf", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "43595867-4340-4103-b7a2-9a5208d29a85", assignerShortName: "oracle", cveId: "CVE-2007-6755", datePublished: "2013-10-11T22:00:00", dateReserved: "2013-10-11T00:00:00", dateUpdated: "2024-08-07T16:18:20.583Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-29504
Vulnerability from cvelistv5
Published
2024-02-02 15:58
Modified
2024-08-04 16:55
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Dell | BSAFE Crypto-C Micro Edition |
Version: 0 ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2020-29504", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-05T15:55:54.427840Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:22:53.230Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T16:55:10.319Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "BSAFE Crypto-C Micro Edition", vendor: "Dell", versions: [ { lessThan: "4.1.5", status: "affected", version: "0", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "Dell BSAFE Micro Edition Suite", vendor: "Dell", versions: [ { lessThan: "4.5.2", status: "affected", version: "0", versionType: "semver", }, ], }, ], datePublic: "2019-09-11T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, </span><span style=\"background-color: rgb(255, 255, 255);\">versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.</span>\n\n", }, ], value: "\nDell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-295", description: "CWE-295: Improper Certificate Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-05T16:59:05.062Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2020-29504", datePublished: "2024-02-02T15:58:57.404Z", dateReserved: "2020-12-03T00:00:00.000Z", dateUpdated: "2024-08-04T16:55:10.319Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-35165
Vulnerability from cvelistv5
Published
2024-05-22 05:56
Modified
2024-08-04 16:55
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Dell | Dell BSAFE Crypto-C Micro Edition |
Version: N/A ≤ |
||||||
|
|||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2020-35165", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-22T17:10:05.490362Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:12:13.532Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-04T16:55:10.956Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Dell BSAFE Crypto-C Micro Edition", vendor: "Dell", versions: [ { lessThan: "4.1.5", status: "affected", version: "N/A", versionType: "semver", }, ], }, { defaultStatus: "unaffected", product: "Dell BSAFE Micro Edition Suite", vendor: "Dell", versions: [ { lessThan: "4.6", status: "affected", version: "N/A", versionType: "semver", }, ], }, ], datePublic: "2019-09-11T06:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.", }, ], value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-208", description: "CWE-208: Observable Timing Discrepancy", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-22T05:56:50.088Z", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "vendor-advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2020-35165", datePublished: "2024-05-22T05:56:50.088Z", dateReserved: "2020-12-11T19:26:48.225Z", dateUpdated: "2024-08-04T16:55:10.956Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-29508
Vulnerability from cvelistv5
Published
2022-07-11 19:25
Modified
2024-09-16 16:13
Severity ?
EPSS score ?
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell | Dell BSAFE Micro Edition Suite |
Version: unspecified < 4.1.5 / 4.6 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:55:10.286Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Dell BSAFE Micro Edition Suite", vendor: "Dell", versions: [ { lessThan: "4.1.5 / 4.6", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], datePublic: "2020-07-06T00:00:00", descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-331", description: "CWE-331: Insufficient Entropy", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-07-25T16:18:19", orgId: "c550e75a-17ff-4988-97f0-544cde3820fe", shortName: "dell", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secure@dell.com", DATE_PUBLIC: "2020-07-06", ID: "CVE-2020-29508", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Dell BSAFE Micro Edition Suite", version: { version_data: [ { version_affected: "<", version_value: "4.1.5 / 4.6", }, ], }, }, ], }, vendor_name: "Dell", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.", }, ], }, impact: { cvss: { baseScore: 5.3, baseSeverity: "Medium", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-331: Insufficient Entropy", }, ], }, ], }, references: { reference_data: [ { name: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", refsource: "MISC", url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { name: "https://www.oracle.com/security-alerts/cpujul2022.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe", assignerShortName: "dell", cveId: "CVE-2020-29508", datePublished: "2022-07-11T19:25:32.041607Z", dateReserved: "2020-12-03T00:00:00", dateUpdated: "2024-09-16T16:13:48.635Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2019-09-30 22:15
Modified
2024-11-21 04:42
Severity ?
Summary
RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x) and 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions prior to 4.0.13 (in 4.0.x) and prior to 4.4 (in 4.1.x, 4.2.x, 4.3.x) are vulnerable to a Buffer Over-read vulnerability when processing DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/000194054 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000194054 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| dell | bsafe_micro-edition-suite | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "EFAEB090-BBFF-480A-B6FB-12B456491D0C", versionEndExcluding: "4.0.5.4", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "B84EF48C-635E-415B-A800-DBF5354C56B3", versionEndExcluding: "4.1.4", versionStartIncluding: "4.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "21A529D6-EFA9-4D73-BA20-550A8F760F3B", versionEndExcluding: "4.0.13", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "091E2050-E137-4175-9904-864CE94B2DA1", versionEndExcluding: "4.4.0", versionStartIncluding: "4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x) and 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions prior to 4.0.13 (in 4.0.x) and prior to 4.4 (in 4.1.x, 4.2.x, 4.3.x) are vulnerable to a Buffer Over-read vulnerability when processing DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system.", }, { lang: "es", value: "RSA BSAFE Crypto-C Micro Edition versiones anteriores a 4.0.5.4 (en versiones 4.0.x) y 4.1.4 (en versiones 4.1.x) y RSA BSAFE Micro Edition Suite versiones anteriores a 4.0.13 (en versiones 4.0.x) y anteriores a 4.4 (en versiones 4.1.x, 4.2.x, 4.3.x), son susceptibles a una vulnerabilidad de Lectura Excesiva de Búfer al procesar la firma DSA. Un usuario remoto malicioso podría explotar esta vulnerabilidad para causar un bloqueo en la biblioteca del sistema afectado.", }, ], id: "CVE-2019-3728", lastModified: "2024-11-21T04:42:25.033", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-30T22:15:10.373", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/000194054", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/000194054", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-30 22:15
Modified
2024-11-21 04:42
Severity ?
Summary
RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/000194054 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000194054 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| dell | bsafe_micro-edition-suite | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "3D2F60F7-BCF1-4953-9D72-263A0C7287BD", versionEndExcluding: "4.1.4", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "21A529D6-EFA9-4D73-BA20-550A8F760F3B", versionEndExcluding: "4.0.13", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "091E2050-E137-4175-9904-864CE94B2DA1", versionEndExcluding: "4.4.0", versionStartIncluding: "4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.", }, { lang: "es", value: "RSA BSAFE Crypto-C Micro Edition versiones anteriores a 4.1.4 y RSA Micro Edition Suite versiones anteriores a 4.4, son vulnerables a una Exposición de Información por Discrepancia de Sincronización. Un usuario remoto malicioso podría explotar esta vulnerabilidad para extraer información dejando los datos en riesgo de exposición.", }, ], id: "CVE-2019-3731", lastModified: "2024-11-21T04:42:25.430", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-30T22:15:10.563", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/000194054", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/000194054", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-310", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:24
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| oracle | retail_customer_insights | 15.0.2 | |
| oracle | retail_customer_insights | 16.0.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "6C3D1B15-8F35-4976-8BA0-35816ECE6A92", versionEndExcluding: "4.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "84735DD4-8297-4476-9013-967E9E323D9F", versionEndExcluding: "4.5.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*", matchCriteriaId: "3D1C35DF-D30D-42C8-B56D-C809609AB2A4", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*", matchCriteriaId: "834B4CE7-042E-489F-AE19-0EEA2C37E7A8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability.", }, { lang: "es", value: "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a la 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a la 4.5.2, contienen una vulnerabilidad de error en la gestión de claves", }, ], id: "CVE-2020-29505", lastModified: "2024-11-21T05:24:08.260", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-11T20:15:08.013", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-331", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-331", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:26
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 19c | |
| oracle | database | 21c | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "6C3D1B15-8F35-4976-8BA0-35816ECE6A92", versionEndExcluding: "4.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "84735DD4-8297-4476-9013-967E9E323D9F", versionEndExcluding: "4.5.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "89FE33CE-5995-4C53-8331-B49156F852B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", matchCriteriaId: "C1E05472-8F3A-4E46-90E5-50EA6D555FDC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*", matchCriteriaId: "02E34416-E767-4F61-8D2C-0D0202351F91", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9FD166F7-8A83-4BC7-A392-E830E87F841B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "D345C2D3-6AA5-4573-8397-ED1EB0153DB9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9A4AE8A2-62D9-4C08-A608-A057895E4E46", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.", }, { lang: "es", value: "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a 4.5.2, contienen una vulnerabilidad de Comprobación de Entrada Inapropiada", }, ], id: "CVE-2020-35169", lastModified: "2024-11-21T05:26:53.670", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-11T20:15:08.543", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-347", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:26
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 19c | |
| oracle | database | 21c | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "6C3D1B15-8F35-4976-8BA0-35816ECE6A92", versionEndExcluding: "4.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "4AA9AC46-4B4A-4776-A15D-42A0AF64D64E", versionEndExcluding: "4.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "89FE33CE-5995-4C53-8331-B49156F852B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", matchCriteriaId: "C1E05472-8F3A-4E46-90E5-50EA6D555FDC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*", matchCriteriaId: "02E34416-E767-4F61-8D2C-0D0202351F91", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9FD166F7-8A83-4BC7-A392-E830E87F841B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "D345C2D3-6AA5-4573-8397-ED1EB0153DB9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9A4AE8A2-62D9-4C08-A608-A057895E4E46", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.", }, { lang: "es", value: "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a 4.6, contienen una vulnerabilidad de uso de Valores Insuficientemente Aleatorios", }, ], id: "CVE-2020-35163", lastModified: "2024-11-21T05:26:52.773", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-11T20:15:08.273", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-330", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-330", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:24
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 19c | |
| oracle | database | 21c | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "6C3D1B15-8F35-4976-8BA0-35816ECE6A92", versionEndExcluding: "4.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "4AA9AC46-4B4A-4776-A15D-42A0AF64D64E", versionEndExcluding: "4.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "89FE33CE-5995-4C53-8331-B49156F852B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", matchCriteriaId: "C1E05472-8F3A-4E46-90E5-50EA6D555FDC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*", matchCriteriaId: "02E34416-E767-4F61-8D2C-0D0202351F91", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9FD166F7-8A83-4BC7-A392-E830E87F841B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "D345C2D3-6AA5-4573-8397-ED1EB0153DB9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9A4AE8A2-62D9-4C08-A608-A057895E4E46", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.", }, { lang: "es", value: "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a la 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a la 4.6, contienen una vulnerabilidad de validación de entrada inadecuada", }, ], id: "CVE-2020-29508", lastModified: "2024-11-21T05:24:08.733", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-11T20:15:08.207", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-331", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-02-02 16:15
Modified
2024-11-21 05:24
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "6C3D1B15-8F35-4976-8BA0-35816ECE6A92", versionEndExcluding: "4.1.5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "84735DD4-8297-4476-9013-967E9E323D9F", versionEndExcluding: "4.5.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "\nDell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Missing Required Cryptographic Step Vulnerability.\n\n", }, { lang: "es", value: "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a 4.5.2, contienen una vulnerabilidad de paso criptográfico requerido faltante.", }, ], id: "CVE-2020-29504", lastModified: "2024-11-21T05:24:08.113", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.2, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-02T16:15:44.860", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-295", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-295", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:26
Severity ?
4.8 (Medium) - CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 19c | |
| oracle | database | 21c | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "6C3D1B15-8F35-4976-8BA0-35816ECE6A92", versionEndExcluding: "4.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "4AA9AC46-4B4A-4776-A15D-42A0AF64D64E", versionEndExcluding: "4.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "89FE33CE-5995-4C53-8331-B49156F852B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", matchCriteriaId: "C1E05472-8F3A-4E46-90E5-50EA6D555FDC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*", matchCriteriaId: "02E34416-E767-4F61-8D2C-0D0202351F91", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9FD166F7-8A83-4BC7-A392-E830E87F841B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "D345C2D3-6AA5-4573-8397-ED1EB0153DB9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9A4AE8A2-62D9-4C08-A608-A057895E4E46", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.", }, { lang: "es", value: "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a 4.6, contienen una vulnerabilidad de Discrepancia de Tiempo Observable", }, ], id: "CVE-2020-35167", lastModified: "2024-11-21T05:26:53.370", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 0.4, impactScore: 4, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-11T20:15:08.437", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:26
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 19c | |
| oracle | database | 21c | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "6C3D1B15-8F35-4976-8BA0-35816ECE6A92", versionEndExcluding: "4.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "4AA9AC46-4B4A-4776-A15D-42A0AF64D64E", versionEndExcluding: "4.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "89FE33CE-5995-4C53-8331-B49156F852B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", matchCriteriaId: "C1E05472-8F3A-4E46-90E5-50EA6D555FDC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*", matchCriteriaId: "02E34416-E767-4F61-8D2C-0D0202351F91", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9FD166F7-8A83-4BC7-A392-E830E87F841B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "D345C2D3-6AA5-4573-8397-ED1EB0153DB9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9A4AE8A2-62D9-4C08-A608-A057895E4E46", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.", }, { lang: "es", value: "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a 4.6, contienen una vulnerabilidad de Discrepancia de Tiempo Observable", }, ], id: "CVE-2020-35168", lastModified: "2024-11-21T05:26:53.520", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-11T20:15:08.487", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-311", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-10-11 22:55
Modified
2025-04-11 00:51
Severity ?
Summary
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_crypto-j | 5.0 | |
| dell | bsafe_crypto-j | 5.0.1 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "BBC91A27-A2F7-40BD-8C2B-8AD5B042DC1F", versionEndIncluding: "3.0.0.20", versionStartIncluding: "3.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_crypto-j:5.0:*:*:*:*:*:*:*", matchCriteriaId: "40C23A4D-1F95-422E-946B-9063BC5F8395", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_crypto-j:5.0.1:*:*:*:*:*:*:*", matchCriteriaId: "86B6427C-851F-4060-8A09-F6E2955269B1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain \"skeleton key\" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.", }, { lang: "es", value: "El procedimiento por defecto del NIST SP 800-90A del algoritmo Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) contiene puntos constantes Q con una posible relación con ciertos valores \"skeleton key\", lo que podría permitir a atacantes dependientes del contexto romper mecanismos criptográficos de protección mediante el aprovechando del conocimiento de esos valores. NOTA: este es un CVE preliminar para Dual_EC_DRBG, la investigación futura puede brindar detalles adicionales sobre el punto Q y los ataques asociados, y podría potencialmente dar lugar a un RECAST o REJECT de esta CVE.", }, ], id: "CVE-2007-6755", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-10-11T22:55:33.580", references: [ { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://rump2007.cr.yp.to/15-shumow.pdf", }, { source: "secalert_us@oracle.com", tags: [ "Not Applicable", ], url: "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/63657", }, { source: "secalert_us@oracle.com", tags: [ "Third Party Advisory", ], url: "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://rump2007.cr.yp.to/15-shumow.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/63657", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html", }, ], sourceIdentifier: "secalert_us@oracle.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-327", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:26
Severity ?
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 19c | |
| oracle | database | 21c | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "6C3D1B15-8F35-4976-8BA0-35816ECE6A92", versionEndExcluding: "4.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "4AA9AC46-4B4A-4776-A15D-42A0AF64D64E", versionEndExcluding: "4.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "89FE33CE-5995-4C53-8331-B49156F852B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", matchCriteriaId: "C1E05472-8F3A-4E46-90E5-50EA6D555FDC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*", matchCriteriaId: "02E34416-E767-4F61-8D2C-0D0202351F91", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9FD166F7-8A83-4BC7-A392-E830E87F841B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "D345C2D3-6AA5-4573-8397-ED1EB0153DB9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9A4AE8A2-62D9-4C08-A608-A057895E4E46", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.", }, { lang: "es", value: "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a 4.6, contienen una vulnerabilidad de Discrepancia de Tiempo Observable", }, ], id: "CVE-2020-35166", lastModified: "2024-11-21T05:26:53.217", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.4, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-11T20:15:08.383", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-385", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:26
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 19c | |
| oracle | database | 21c | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "6C3D1B15-8F35-4976-8BA0-35816ECE6A92", versionEndExcluding: "4.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "4AA9AC46-4B4A-4776-A15D-42A0AF64D64E", versionEndExcluding: "4.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "89FE33CE-5995-4C53-8331-B49156F852B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", matchCriteriaId: "C1E05472-8F3A-4E46-90E5-50EA6D555FDC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*", matchCriteriaId: "02E34416-E767-4F61-8D2C-0D0202351F91", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9FD166F7-8A83-4BC7-A392-E830E87F841B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "D345C2D3-6AA5-4573-8397-ED1EB0153DB9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9A4AE8A2-62D9-4C08-A608-A057895E4E46", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.", }, { lang: "es", value: "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a la 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a la 4.6, contienen una vulnerabilidad de discrepancia de tiempo observable", }, ], id: "CVE-2020-35164", lastModified: "2024-11-21T05:26:52.947", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 1.4, impactScore: 5.2, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-11T20:15:08.330", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-385", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2016-04-12 23:59
Modified
2025-04-12 10:46
Severity ?
Summary
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_crypto-j | * | |
| dell | bsafe_micro-edition-suite | * | |
| dell | bsafe_micro-edition-suite | * | |
| dell | bsafe_ssl-c | * | |
| dell | bsafe_ssl-j | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "673ED099-C778-4E51-89C4-369490646348", versionEndIncluding: "4.0.5.3", versionStartIncluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "42D145F5-46EA-4198-BD59-BB296461324E", versionEndIncluding: "4.1.2", versionStartIncluding: "4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*", matchCriteriaId: "44D1B34C-998E-46E6-B7CF-EE28C8E5FBC8", versionEndExcluding: "6.2.1", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "5456BD00-766C-4868-9BA5-C8E82B353808", versionEndIncluding: "4.0.11", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "261B4766-7CD0-47F8-997E-706129AA0A5E", versionEndExcluding: "4.1.5", versionStartIncluding: "4.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-c:*:*:*:*:*:*:*:*", matchCriteriaId: "03175755-5E21-4B3A-A329-9F1804CF98CF", versionEndExcluding: "2.8.9", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*", matchCriteriaId: "36CE780D-E392-4543-A531-F6740823C53D", versionEndExcluding: "6.2.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.", }, { lang: "es", value: "EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x y 4.1.x en versiones anteriores a 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x y 4.1.x en versiones anteriores a 4.1.3, RSA BSAFE Crypto-J en versiones anteriores a 6.2.1, RSA BSAFE SSL-J en versiones anteriores a 6.2.1 y RSA BSAFE SSL-C en versiones anteriores a 2.8.9 permiten a atacantes remotos descubrir un factor primo de clave privada llevando a cabo un ataque Lenstra de canal lateral que aprovecha el fallo de una aplicación para detectar un fallo de firma RSA durante una sesión TLS.", }, ], id: "CVE-2016-0887", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:H/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2016-04-12T23:59:31.413", references: [ { source: "security_alert@emc.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html", }, { source: "security_alert@emc.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/bugtraq/2016/Apr/66", }, { source: "security_alert@emc.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/538055/100/0/threaded", }, { source: "security_alert@emc.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035515", }, { source: "security_alert@emc.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035516", }, { source: "security_alert@emc.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035517", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://packetstormsecurity.com/files/136656/RSA-BSAFE-Lenstras-Attack.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://seclists.org/bugtraq/2016/Apr/66", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/archive/1/538055/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035515", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035516", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securitytracker.com/id/1035517", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-200", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-30 22:15
Modified
2024-11-21 04:42
Severity ?
Summary
RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/000194054 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000194054 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| dell | bsafe_micro-edition-suite | * | |
| dell | bsafe_micro-edition-suite | * | |
| emc | rsa_bsafe_crypto-c | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "095AE520-E38F-4846-94D5-646C27F7DC72", versionEndExcluding: "4.0.5.3", versionStartIncluding: "4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "2D325BF2-2A0A-4E44-A486-A5EC94483411", versionEndExcluding: "4.0.11", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "85B59096-FD21-4428-A3B5-7B053771A6BD", versionEndExcluding: "4.1.6.1", versionStartIncluding: "4.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "1889D863-AE63-4711-B6F1-54EBFCB1CCCF", versionEndExcluding: "4.3.3", versionStartIncluding: "4.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:emc:rsa_bsafe_crypto-c:*:*:*:*:micro_edition:*:*:*", matchCriteriaId: "C16AC74B-F5CE-496A-9F17-D66FB278659A", versionEndExcluding: "4.1.3.3", versionStartIncluding: "4.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x) are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.", }, { lang: "es", value: "RSA BSAFE Crypto-C Micro Edition, versiones anteriores a 4.0.5.3 (en versiones 4.0.x) y versiones anteriores a 4.1.3.3 (en versiones 4.1.x), y RSA Micro Edition Suite, versiones anteriores a 4.0.11 (en versiones 4.0. x), versiones anteriores a 4.1.6.1 (en versiones 4.1.x) y las versiones anteriores a 4.3.3 (versiones 4.2.x y 4.3.x), son vulnerables a una Exposición de Información por Discrepancia de Sincronización. Un usuario remoto malicioso podría explotar esta vulnerabilidad para extraer información dejando los datos en riesgo de exposición.", }, ], id: "CVE-2019-3732", lastModified: "2024-11-21T04:42:25.547", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-30T22:15:10.623", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/000194054", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/000194054", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-385", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:24
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 19c | |
| oracle | database | 21c | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "3D2F60F7-BCF1-4953-9D72-263A0C7287BD", versionEndExcluding: "4.1.4", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "1298418C-018B-4C1C-A81C-A5F8525DA6BB", versionEndExcluding: "4.4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "89FE33CE-5995-4C53-8331-B49156F852B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", matchCriteriaId: "C1E05472-8F3A-4E46-90E5-50EA6D555FDC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*", matchCriteriaId: "02E34416-E767-4F61-8D2C-0D0202351F91", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9FD166F7-8A83-4BC7-A392-E830E87F841B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "D345C2D3-6AA5-4573-8397-ED1EB0153DB9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9A4AE8A2-62D9-4C08-A608-A057895E4E46", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.", }, { lang: "es", value: "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a la 4.1.4, y Dell BSAFE Micro Edition Suite, versiones anteriores a la 4.4, contienen una vulnerabilidad de validación de entrada inadecuada", }, ], id: "CVE-2020-29507", lastModified: "2024-11-21T05:24:08.587", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-11T20:15:08.147", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2022-07-11 20:15
Modified
2024-11-21 05:24
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| oracle | database | 12.1.0.2 | |
| oracle | database | 19c | |
| oracle | database | 21c | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | security_service | 12.2.1.3.0 | |
| oracle | security_service | 12.2.1.4.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.3.0 | |
| oracle | weblogic_server_proxy_plug-in | 12.2.1.4.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "6C3D1B15-8F35-4976-8BA0-35816ECE6A92", versionEndExcluding: "4.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "84735DD4-8297-4476-9013-967E9E323D9F", versionEndExcluding: "4.5.2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*", matchCriteriaId: "89FE33CE-5995-4C53-8331-B49156F852B3", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*", matchCriteriaId: "C1E05472-8F3A-4E46-90E5-50EA6D555FDC", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*", matchCriteriaId: "02E34416-E767-4F61-8D2C-0D0202351F91", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9FD166F7-8A83-4BC7-A392-E830E87F841B", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:security_service:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "D345C2D3-6AA5-4573-8397-ED1EB0153DB9", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.3.0:*:*:*:*:*:*:*", matchCriteriaId: "9A4AE8A2-62D9-4C08-A608-A057895E4E46", vulnerable: true, }, { criteria: "cpe:2.3:a:oracle:weblogic_server_proxy_plug-in:12.2.1.4.0:*:*:*:*:*:*:*", matchCriteriaId: "5E29C004-51D7-4BBE-B28A-EE6B7B10F89F", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.", }, { lang: "es", value: "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a la 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a la 4.5.2, contienen una vulnerabilidad de discrepancia de tiempo observable", }, ], id: "CVE-2020-29506", lastModified: "2024-11-21T05:24:08.427", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 4, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-07-11T20:15:08.083", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "security_alert@emc.com", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-385", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-22 06:15
Modified
2025-02-06 18:59
Severity ?
5.1 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "6C3D1B15-8F35-4976-8BA0-35816ECE6A92", versionEndExcluding: "4.1.5", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "4AA9AC46-4B4A-4776-A15D-42A0AF64D64E", versionEndExcluding: "4.6", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.", }, { lang: "es", value: "Dell BSAFE Crypto-C Micro Edition, versiones anteriores a 4.1.5, y Dell BSAFE Micro Edition Suite, versiones anteriores a 4.6, contienen una vulnerabilidad de discrepancia de tiempo observable.", }, ], id: "CVE-2020-35165", lastModified: "2025-02-06T18:59:06.710", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.1, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.4, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-05-22T06:15:09.317", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000181115/dsa-2020-286-dell-bsafe-crypto-c-micro-edition-4-1-5-and-dell-bsafe-micro-edition-suite-4-6-multiple-security-vulnerabilities", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-208", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-09-30 22:15
Modified
2024-11-21 04:42
Severity ?
Summary
RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security_alert@emc.com | https://www.dell.com/support/kbdoc/000194054 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.dell.com/support/kbdoc/000194054 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| emc | rsa_bsafe_crypto-c | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "17C17138-42CA-4967-BF45-7E371A64E02C", versionEndExcluding: "4.1.4", versionStartIncluding: "4.1", vulnerable: true, }, { criteria: "cpe:2.3:a:emc:rsa_bsafe_crypto-c:*:*:*:*:*:*:*:*", matchCriteriaId: "4E25574C-B309-4113-81D7-B7D873C8C512", versionEndIncluding: "4.0.5.3", versionStartIncluding: "4.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerability, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure.", }, { lang: "es", value: "RSA BSAFE Crypto-C Micro Edition, todas las versiones anteriores a 4.1.4, es susceptible a tres (3) vulnerabilidades diferentes de Borrado Inapropiado de la Memoria de la Pila Antes de Liberarla, también se conoce como \"Heap Inspection vulnerability\". Un usuario remoto malicioso podría explotar esta vulnerabilidad para extraer información dejando los datos en riesgo de exposición.", }, ], id: "CVE-2019-3733", lastModified: "2024-11-21T04:42:25.680", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 0.8, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-09-30T22:15:10.687", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/000194054", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/000194054", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-316", }, ], source: "security_alert@emc.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-459", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-31 08:15
Modified
2024-08-20 17:15
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Summary
Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | bsafe_crypto-c-micro-edition | * | |
| dell | bsafe_micro-edition-suite | * | |
| dell | bsafe_micro-edition-suite | 5.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:dell:bsafe_crypto-c-micro-edition:*:*:*:*:*:*:*:*", matchCriteriaId: "016B6D4C-062E-4D93-B3EA-CF5FFCB34ED4", versionEndIncluding: "4.1.5", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:*:*:*:*:*:*:*:*", matchCriteriaId: "C631A71E-7BA9-4375-ADA3-6AB91A737A30", versionEndExcluding: "4.6.2", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:dell:bsafe_micro-edition-suite:5.0:*:*:*:*:*:*:*", matchCriteriaId: "21C6A56D-8CAF-45D5-A1E1-FE70F2584DF5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure.", }, { lang: "es", value: "Dell BSAFE Crypto-C Micro Edition 4.1.5 y Dell BSAFE Micro Edition Suite, versiones 4.0 a 4.6.1 y versión 5.0 contienen una vulnerabilidad de sobrelectura de búfer.", }, ], id: "CVE-2023-28074", lastModified: "2024-08-20T17:15:10.200", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 3.6, source: "security_alert@emc.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-07-31T08:15:02.243", references: [ { source: "security_alert@emc.com", tags: [ "Vendor Advisory", ], url: "https://www.dell.com/support/kbdoc/en-us/000212325/dsa-2023-120-dell-bsafe-micro-edition-suite-security-update", }, ], sourceIdentifier: "security_alert@emc.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "security_alert@emc.com", type: "Primary", }, { description: [ { lang: "en", value: "CWE-125", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }