cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-34381,https://securityvulnerability.io/vulnerability/CVE-2022-34381,Unmaintained Third-Party Component Vulnerability in Dell BSAFE SSL-J and Crypto-J,"An unmaintained third-party component found in Dell BSAFE SSL-J versions 7.0 and previous versions up to 6.5, alongside Dell BSAFE Crypto-J versions earlier than 6.2.6.1, poses a significant security vulnerability. This flaw allows an unauthenticated remote attacker the potential to exploit the vulnerability, which can lead to serious compromise of affected systems. Users of these products are strongly recommended to upgrade to the secure versions to mitigate associated risks. For more details on the remediation, refer to Dell's security advisory.",Dell,"Dell Bsafe Crypto-j,Dell Bsafe Ssl-j",9.1,CRITICAL,0.0017999999690800905,false,,false,false,false,,,false,false,,2024-02-02T15:30:23.697Z,0
CVE-2019-3740,https://securityvulnerability.io/vulnerability/CVE-2019-3740,,RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.,Dell,Rsa Bsafe Crypto-j,6.5,MEDIUM,0.007300000172108412,false,,false,false,false,,,false,false,,2019-09-18T23:15:00.000Z,0
CVE-2019-3738,https://securityvulnerability.io/vulnerability/CVE-2019-3738,,RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.,Dell,Rsa Bsafe Crypto-j,6.5,MEDIUM,0.007269999943673611,false,,false,false,false,,,false,false,,2019-09-18T23:15:00.000Z,0
CVE-2019-3739,https://securityvulnerability.io/vulnerability/CVE-2019-3739,,RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.,Dell,Rsa Bsafe Crypto-j,6.5,MEDIUM,0.007300000172108412,false,,false,false,false,,,false,false,,2019-09-18T23:15:00.000Z,0
CVE-2018-11070,https://securityvulnerability.io/vulnerability/CVE-2018-11070,,"RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key.",Dell,"Rsa Bsafe Crypto-j,Rsa Bsafe Ssl-j",5.9,MEDIUM,0.0016499999910593033,false,,false,false,false,,,false,false,,2018-09-11T19:29:00.000Z,0
CVE-2016-8212,https://securityvulnerability.io/vulnerability/CVE-2016-8212,,"An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a nextUpdate as indicating that the OCSP response is valid indefinitely instead of restricting its validity for a brief period surrounding the thisUpdate time. This vulnerability is similar to the issue described in CVE-2015-4748.",Dell,Rsa Bsafe Crypto-j Rsa Bsafe Crypto-j Versions Prior To 6.2.2,7.5,HIGH,0.002099999925121665,false,,false,false,false,,,false,false,,2017-02-03T07:24:00.000Z,0
CVE-2016-8217,https://securityvulnerability.io/vulnerability/CVE-2016-8217,,EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file to the toolkit and guess the current MAC one byte at a time. This is possible because Crypto-J uses a non-constant-time method to compare the stored MAC with the calculated MAC. This vulnerability is similar to the issue described in CVE-2015-2601.,Dell,Rsa Bsafe Crypto-j Rsa Bsafe Crypto-j Versions Prior To 6.2.2,3.7,LOW,0.0017999999690800905,false,,false,false,false,,,false,false,,2017-02-03T07:24:00.000Z,0
CVE-2016-0887,https://securityvulnerability.io/vulnerability/CVE-2016-0887,,"EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session.",Dell,"Bsafe Crypto-j,Bsafe Ssl-c,Bsafe Crypto-c-micro-edition,Bsafe Micro-edition-suite,Bsafe Ssl-j",5.9,MEDIUM,0.006130000110715628,false,,false,false,false,,,false,false,,2016-04-12T23:59:00.000Z,0
CVE-2007-6755,https://securityvulnerability.io/vulnerability/CVE-2007-6755,,"The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain ""skeleton key"" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values.  NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.",Dell,"Bsafe Crypto-c-micro-edition,Bsafe Crypto-j",,,0.004530000034719706,false,,false,false,false,,,false,false,,2013-10-11T22:00:00.000Z,0