Dell Bsafe Crypto-J vulnerabilities

10 known vulnerabilities affecting dell/bsafe_crypto-j.

Total CVEs
10
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM6LOW1

Vulnerabilities

Page 1 of 1
CVE-2025-26333HIGHCVSS 7.5≥ 6.0, < 6.3.1v7.0+1 more2025-09-25
CVE-2025-26333 [MEDIUM] CWE-209 CVE-2025-26333: Dell BSAFE Crypto-J generates an error message that includes sensitive information about its environ Dell BSAFE Crypto-J generates an error message that includes sensitive information about its environment and associated data. A remote attacker could potentially exploit this vulnerability, leading to information exposure.
cvelistv5nvd
CVE-2022-34381CRITICALCVSS 9.8fixed in 6.2.6.12024-02-02
CVE-2022-34381 [CRITICAL] CWE-1329 CVE-2022-34381: Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recom
nvd
CVE-2019-3738MEDIUMCVSS 6.5fixed in 6.2.52019-09-18
CVE-2019-3738 [MEDIUM] CWE-325 CVE-2019-3738: RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step v RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
nvd
CVE-2019-3740MEDIUMCVSS 6.5fixed in 6.2.52019-09-18
CVE-2019-3740 [MEDIUM] CWE-310 CVE-2019-3740: RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
nvd
CVE-2019-3739MEDIUMCVSS 6.5fixed in 6.2.52019-09-18
CVE-2019-3739 [MEDIUM] CWE-310 CVE-2019-3739: RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Dis RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
nvd
CVE-2018-11070MEDIUMCVSS 5.9fixed in 6.2.42018-09-11
CVE-2018-11070 [MEDIUM] CWE-327 CVE-2018-11070: RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Cov RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key.
nvd
CVE-2016-8212HIGHCVSS 7.5fixed in 6.2.22017-02-03
CVE-2016-8212 [HIGH] CVE-2016-8212: An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a nextUpdate as indicating that the OCSP response is valid indefinitely inst
nvd
CVE-2016-8217LOWCVSS 3.7fixed in 6.2.22017-02-03
CVE-2016-8217 [LOW] CVE-2016-8217: EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing Attack Vulnerability. A possible timing attack could be carried out by modifying a PKCS#12 file that has an integrity MAC for which the password is not known. An attacker could then feed the modified PKCS#12 file to the toolkit and guess the current MAC one byte at a time. This is possible becau
nvd
CVE-2016-0887MEDIUMCVSS 5.9fixed in 6.2.12016-04-12
CVE-2016-0887 [MEDIUM] CWE-200 CVE-2016-0887: EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Editi EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an
nvd
CVE-2007-6755MEDIUMCVSS 5.8v5.0v5.0.12013-10-11
CVE-2007-6755 [MEDIUM] CWE-327 CVE-2007-6755: The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE
nvd