Filtered by vendor Dell
Subscribe
Total
1275 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0626 | 2 Dell, Emc | 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j | 2021-12-09 | 5.0 MEDIUM | N/A |
| The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated. | |||||
| CVE-2014-4630 | 1 Dell | 2 Bsafe Micro-edition-suite, Bsafe Ssl-j | 2021-12-09 | 4.3 MEDIUM | N/A |
| EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack." | |||||
| CVE-2014-0625 | 2 Dell, Emc | 2 Bsafe Ssl-j, Rsa Bsafe Ssl-j | 2021-12-09 | 5.0 MEDIUM | N/A |
| The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered. | |||||
| CVE-2020-5360 | 2 Dell, Oracle | 5 Bsafe Micro-edition-suite, Database, Http Server and 2 more | 2021-12-09 | 5.0 MEDIUM | 7.5 HIGH |
| Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems. | |||||
| CVE-2020-5359 | 2 Dell, Oracle | 3 Bsafe Micro-edition-suite, Database, Weblogic Server Proxy Plug-in | 2021-12-09 | 5.0 MEDIUM | 5.8 MEDIUM |
| Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to modify and corrupt the encrypted data. | |||||
| CVE-2014-0628 | 1 Dell | 1 Bsafe Micro-edition-suite | 2021-12-09 | 5.0 MEDIUM | N/A |
| The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.5 does not properly process certificate chains, which allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | |||||
| CVE-2014-0636 | 1 Dell | 1 Bsafe Micro-edition-suite | 2021-12-09 | 5.8 MEDIUM | N/A |
| EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x before 4.0.5 does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate chain. | |||||
| CVE-2021-36330 | 1 Dell | 1 Emc Streaming Data Platform | 2021-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user. | |||||
| CVE-2021-36329 | 1 Dell | 1 Emc Streaming Data Platform | 2021-12-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information. | |||||
| CVE-2021-36328 | 1 Dell | 1 Emc Streaming Data Platform | 2021-12-01 | 6.5 MEDIUM | 8.8 HIGH |
| Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database. | |||||
| CVE-2021-36327 | 1 Dell | 1 Emc Streaming Data Platform | 2021-12-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Dell EMC Streaming Data Platform versions before 1.3 contain a Server Side Request Forgery Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to perform port scanning of internal networks and make HTTP requests to an arbitrary domain of the attacker's choice. | |||||
| CVE-2021-36326 | 1 Dell | 1 Emc Streaming Data Platform | 2021-12-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format. | |||||
| CVE-2014-4192 | 1 Dell | 1 Bsafe Share | 2021-11-30 | 5.0 MEDIUM | N/A |
| The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) processes certain requests for output bytes by considering only the requested byte count and not the use of cached bytes, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755. | |||||
| CVE-2014-4191 | 1 Dell | 1 Bsafe Share | 2021-11-30 | 5.0 MEDIUM | N/A |
| The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C and C++) sends a long series of random bytes during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by recovering the algorithm's inner state, a different issue than CVE-2007-6755. | |||||
| CVE-2014-4193 | 1 Dell | 1 Bsafe Share | 2021-11-30 | 5.0 MEDIUM | N/A |
| The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for Java) supports the Extended Random extension during use of the Dual_EC_DRBG algorithm, which makes it easier for remote attackers to obtain plaintext from TLS sessions by requesting long nonces from a server, a different issue than CVE-2007-6755. | |||||
| CVE-2021-36335 | 1 Dell | 1 Emc Cloud Link | 2021-11-27 | 6.5 MEDIUM | 8.8 HIGH |
| Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, leading to execution of arbitrary files on the server | |||||
| CVE-2021-36334 | 1 Dell | 1 Emc Cloud Link | 2021-11-27 | 6.0 MEDIUM | 6.8 MEDIUM |
| Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to arbitrary code execution on end user machine | |||||
| CVE-2021-36333 | 1 Dell | 1 Emc Cloud Link | 2021-11-27 | 2.1 LOW | 5.5 MEDIUM |
| Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low privileged attacker, may potentially exploit this vulnerability, leading to an application crash. | |||||
| CVE-2021-36332 | 1 Dell | 1 Emc Cloud Link | 2021-11-27 | 4.9 MEDIUM | 5.4 MEDIUM |
| Dell EMC CloudLink 7.1 and all prior versions contain a HTML and Javascript Injection Vulnerability. A remote low privileged attacker, may potentially exploit this vulnerability, directing end user to arbitrary and potentially malicious websites. | |||||
| CVE-2021-36314 | 1 Dell | 1 Emc Cloud Link | 2021-11-27 | 7.5 HIGH | 9.8 CRITICAL |
| Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A remote unauthenticated attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary files on the end user system. | |||||