Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-3738

Summary
Assigner-dell
Assigner Org ID-c550e75a-17ff-4988-97f0-544cde3820fe
Published At-18 Sep, 2019 | 22:23
Updated At-16 Sep, 2024 | 19:01
Rejected At-
Credits

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dell
Assigner Org ID:c550e75a-17ff-4988-97f0-544cde3820fe
Published At:18 Sep, 2019 | 22:23
Updated At:16 Sep, 2024 | 19:01
Rejected At:
▼CVE Numbering Authority (CNA)

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.

Affected Products
Vendor
Dell Inc.Dell
Product
RSA BSAFE Crypto-J
Versions
Affected
  • prior to 6.2.5
Problem Types
TypeCWE IDDescription
CWECWE-325CWE-325: Missing Required Cryptographic Step
Type: CWE
CWE ID: CWE-325
Description: CWE-325: Missing Required Cryptographic Step
Metrics
VersionBase scoreBase severityVector
3.06.5MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Version: 3.0
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.oracle.com/security-alerts/cpujul2020.html
x_refsource_MISC
https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174%3B-Crypto-J-Multiple-Security-Vulnerabilities
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
https://kc.mcafee.com/corporate/index?page=content&id=SB10318
x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuApr2021.html
x_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.html
x_refsource_MISC
Hyperlink: https://www.oracle.com/security-alerts/cpujul2020.html
Resource:
x_refsource_MISC
Hyperlink: https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174%3B-Crypto-J-Multiple-Security-Vulnerabilities
Resource:
x_refsource_MISC
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Resource:
x_refsource_MISC
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10318
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.oracle.com/security-alerts/cpuApr2021.html
Resource:
x_refsource_MISC
Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html
Resource:
x_refsource_MISC
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2021.html
Resource:
x_refsource_MISC
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2022.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.oracle.com/security-alerts/cpujul2020.html
x_refsource_MISC
x_transferred
https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174%3B-Crypto-J-Multiple-Security-Vulnerabilities
x_refsource_MISC
x_transferred
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
x_transferred
https://kc.mcafee.com/corporate/index?page=content&id=SB10318
x_refsource_CONFIRM
x_transferred
https://www.oracle.com/security-alerts/cpuApr2021.html
x_refsource_MISC
x_transferred
https://www.oracle.com//security-alerts/cpujul2021.html
x_refsource_MISC
x_transferred
https://www.oracle.com/security-alerts/cpuoct2021.html
x_refsource_MISC
x_transferred
https://www.oracle.com/security-alerts/cpuapr2022.html
x_refsource_MISC
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpujul2020.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174%3B-Crypto-J-Multiple-Security-Vulnerabilities
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10318
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuApr2021.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2021.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2022.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security_alert@emc.com
Published At:18 Sep, 2019 | 23:15
Updated At:07 Nov, 2023 | 03:10

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Secondary3.06.5MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.0
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches
Dell Inc.
dell
>>bsafe_cert-j>>Versions up to 6.2.4(inclusive)
cpe:2.3:a:dell:bsafe_cert-j:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>bsafe_crypto-j>>Versions before 6.2.5(exclusive)
cpe:2.3:a:dell:bsafe_crypto-j:*:*:*:*:*:*:*:*
Dell Inc.
dell
>>bsafe_ssl-j>>Versions up to 6.2.4.1(inclusive)
cpe:2.3:a:dell:bsafe_ssl-j:*:*:*:*:*:*:*:*
McAfee, LLC
mcafee
>>threat_intelligence_exchange_server>>Versions from 2.0.0(inclusive) to 2.3.1(inclusive)
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*
McAfee, LLC
mcafee
>>threat_intelligence_exchange_server>>3.0.0
cpe:2.3:a:mcafee:threat_intelligence_exchange_server:3.0.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>application_performance_management>>13.3.0.0
cpe:2.3:a:oracle:application_performance_management:13.3.0.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>application_performance_management>>13.4.0.0
cpe:2.3:a:oracle:application_performance_management:13.4.0.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>communications_network_integrity>>7.3.2
cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>communications_network_integrity>>7.3.5
cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>communications_network_integrity>>7.3.6
cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>communications_unified_inventory_management>>7.3.2
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>communications_unified_inventory_management>>7.3.4
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>communications_unified_inventory_management>>7.3.5
cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>communications_unified_inventory_management>>7.4.0
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>communications_unified_inventory_management>>7.4.1
cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>database>>12.1.0.2
cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:enterprise:*:*:*
Oracle Corporation
oracle
>>database>>12.2.0.1
cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*
Oracle Corporation
oracle
>>database>>18c
cpe:2.3:a:oracle:database:18c:*:*:*:enterprise:*:*:*
Oracle Corporation
oracle
>>database>>19c
cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*
Oracle Corporation
oracle
>>goldengate>>Versions before 19.1.0.0.0.210420(exclusive)
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>goldengate>>19.1.0.0.0.210420
cpe:2.3:a:oracle:goldengate:19.1.0.0.0.210420:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_assortment_planning>>15.0.3.0
cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_assortment_planning>>16.0.3.0
cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_integration_bus>>14.1
cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_integration_bus>>15.0
cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_integration_bus>>16.0
cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_predictive_application_server>>14.1.3.0
cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_predictive_application_server>>15.0.3.0
cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_predictive_application_server>>16.0.3.0
cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_service_backbone>>14.1
cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_service_backbone>>15.0
cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_service_backbone>>16.0
cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_store_inventory_management>>14.0.4
cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_store_inventory_management>>14.1.3
cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_store_inventory_management>>15.0.3
cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_store_inventory_management>>16.0.3
cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_xstore_point_of_service>>15.0.3
cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.3:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_xstore_point_of_service>>16.0.5
cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.5:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_xstore_point_of_service>>17.0.3
cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.3:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_xstore_point_of_service>>18.0.2
cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>retail_xstore_point_of_service>>19.0.1
cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>storagetek_tape_analytics_sw_tool>>2.3
cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-325Primarysecurity_alert@emc.com
CWE-347Secondarynvd@nist.gov
CWE ID: CWE-325
Type: Primary
Source: security_alert@emc.com
CWE ID: CWE-347
Type: Secondary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kc.mcafee.com/corporate/index?page=content&id=SB10318security_alert@emc.com
Third Party Advisory
https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174%3B-Crypto-J-Multiple-Security-Vulnerabilitiessecurity_alert@emc.com
N/A
https://www.oracle.com//security-alerts/cpujul2021.htmlsecurity_alert@emc.com
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.htmlsecurity_alert@emc.com
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.htmlsecurity_alert@emc.com
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.htmlsecurity_alert@emc.com
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.htmlsecurity_alert@emc.com
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.htmlsecurity_alert@emc.com
Patch
Third Party Advisory
Hyperlink: https://kc.mcafee.com/corporate/index?page=content&id=SB10318
Source: security_alert@emc.com
Resource:
Third Party Advisory
Hyperlink: https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE&#174%3B-Crypto-J-Multiple-Security-Vulnerabilities
Source: security_alert@emc.com
Resource: N/A
Hyperlink: https://www.oracle.com//security-alerts/cpujul2021.html
Source: security_alert@emc.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuApr2021.html
Source: security_alert@emc.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuapr2022.html
Source: security_alert@emc.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpujul2020.html
Source: security_alert@emc.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2020.html
Source: security_alert@emc.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://www.oracle.com/security-alerts/cpuoct2021.html
Source: security_alert@emc.com
Resource:
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

227Records found
CVE-2021-22924
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-3.7||LOW
EPSS-0.63% / 69.37%
||
7 Day CHG~0.00%
Published-05 Aug, 2021 | 20:16
Updated-09 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.

Action-Not Available
Vendor-n/aOracle CorporationNetApp, Inc.Fedora ProjectSplunk LLC (Cisco Systems, Inc.)CURLSiemens AGDebian GNU/Linux
Product-scalance_m804pbsimatic_cp_1545-1_firmwarescalance_m826-2simatic_rtu_3041cscalance_m804pb_firmwarescalance_mum856-1_firmwarescalance_m812-1fedoralibcurlsolidfire_\&_hci_management_nodescalance_m874-2simatic_cp_1543-1_firmwaresiplus_net_cp_1543-1_firmwaredebian_linuxcloud_backupsinec_infrastructure_network_servicessimatic_rtu_3041c_firmwarescalance_m876-3simatic_rtu3031c_firmwaresimatic_rtu3031cruggedcomrm_1224_ltescalance_m876-4_firmwarescalance_m876-4scalance_s615simatic_rtu3030cscalance_mum856-1simatic_rtu3010clogo\!_cmr2020logo\!_cmr2040scalance_m826-2_firmwareuniversal_forwarderruggedcomrm_1224_lte_firmwarelogo\!_cmr2020_firmwarescalance_m816-1scalance_m816-1_firmwaremysql_serversinema_remote_connect_serverclustered_data_ontaplogo\!_cmr2040_firmwarescalance_m874-3_firmwaresimatic_cp_1545-1solidfire_baseboard_management_controller_firmwarescalance_s615_firmwarepeoplesoft_enterprise_peopletoolssinema_remote_connectsimatic_cp_1543-1scalance_m874-2_firmwarescalance_m874-3scalance_m812-1_firmwaresimatic_rtu3010c_firmwarescalance_m876-3_firmwaresiplus_net_cp_1543-1simatic_rtu3030c_firmwarehttps://github.com/curl/curl
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-706
Use of Incorrectly-Resolved Name or Reference
CVE-2021-22897
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-5.3||MEDIUM
EPSS-0.76% / 72.36%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 15:49
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.

Action-Not Available
Vendor-n/aNetApp, Inc.Oracle CorporationSplunk LLC (Cisco Systems, Inc.)CURLSiemens AG
Product-communications_cloud_native_core_service_communication_proxyh300ecommunications_cloud_native_core_network_slice_selection_functioncommunications_cloud_native_core_network_function_cloud_native_environmentcloud_backupsolidfire_\&_hci_management_nodeh500sh300s_firmwarecommunications_cloud_native_core_network_repository_functionh410ssolidfire_baseboard_management_controller_firmwarecurlhci_compute_nodeh300suniversal_forwarderh300e_firmwaresinec_infrastructure_network_servicesessbaseh500eh410s_firmwareh700s_firmwareh500s_firmwareh500e_firmwarecommunications_cloud_native_core_binding_support_functionh700esolidfire\,_enterprise_sds_\&_hci_storage_nodehci_compute_node_firmwareh700e_firmwareh700smysql_serverhttps://github.com/curl/curl
CWE ID-CWE-840
Not Available
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2013-5790
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-2.83% / 85.62%
||
7 Day CHG~0.00%
Published-16 Oct, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to BEANS.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Oracle Corporation
Product-jrejdkn/a
CVE-2021-2439
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.81% / 73.31%
||
7 Day CHG~0.00%
Published-20 Jul, 2021 | 22:44
Updated-25 Sep, 2024 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). Supported versions that are affected are 11.1.2.4 and 11.2.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hyperion BI+. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hyperion BI+ accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-hyperion_bi\+Hyperion BI+
CVE-2021-2007
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-3.7||LOW
EPSS-0.50% / 64.97%
||
7 Day CHG~0.00%
Published-20 Jan, 2021 | 14:50
Updated-26 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).

Action-Not Available
Vendor-MariaDB FoundationFedora ProjectNetApp, Inc.Oracle Corporation
Product-mariadbfedoraactive_iq_unified_manageroncommand_workflow_automationmysqloncommand_insightMySQL Server
CVE-2020-9488
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-3.7||LOW
EPSS-0.02% / 4.16%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 15:36
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

Action-Not Available
Vendor-qosThe Apache Software FoundationDebian GNU/LinuxOracle Corporation
Product-retail_bulk_data_integrationpeoplesoft_enterprise_peopletoolsprimavera_unifierreload4jretail_assortment_planningstoragetek_acslspolicy_automationfinancial_services_retail_customer_analyticsfinancial_services_price_creation_and_discoverycommunications_eagle_ftp_table_base_retrievalcommunications_application_session_controllerinsurance_policy_administration_j2eepolicy_automation_for_mobile_devicesspatial_and_graphfinancial_services_analytical_applications_infrastructurecommunications_unified_inventory_managementretail_advanced_inventory_planningcommunications_services_gatekeeperretail_order_broker_cloud_serviceinsurance_insbridge_rating_and_underwritingretail_customer_management_and_segmentation_foundationretail_predictive_application_serverjd_edwards_world_securityinsurance_rules_palettecommunications_billing_and_revenue_managementcommunications_offline_mediation_controllerenterprise_manager_for_peoplesoftsiebel_apps_-_marketingsiebel_ui_frameworkflexcube_private_bankingretail_integration_busretail_eftlinkutilities_frameworkoracle_goldengate_application_adaptersfinancial_services_institutional_performance_analyticspolicy_automation_connector_for_siebelstoragetek_tape_analytics_sw_toolretail_insights_cloud_service_suiteweblogic_serverdebian_linuxhealth_sciences_information_managerflexcube_core_bankingretail_xstore_point_of_servicelog4jfinancial_services_market_risk_measurement_and_managementdata_integratorApache Log4j
CWE ID-CWE-295
Improper Certificate Validation
CVE-2020-5373
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 50.61%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 19:30
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device.

Action-Not Available
Vendor-Dell Inc.
Product-emc_omimssc_for_sccmemc_omimssc_for_scvmmOMIMSSC (OpenManage Integration for Microsoft System Center)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2016-8966
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.22% / 44.15%
||
7 Day CHG~0.00%
Published-01 Feb, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

Action-Not Available
Vendor-Linux Kernel Organization, IncOracle CorporationHP Inc.IBM CorporationMicrosoft Corporation
Product-bigfix_inventorylicense_metric_toolaixsolarishp-uxlinux_kernelwindowsBigFix Inventory
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-34366
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 37.63%
||
7 Day CHG~0.00%
Published-10 Feb, 2023 | 19:18
Updated-24 Mar, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information.

Action-Not Available
Vendor-Dell Inc.
Product-supportassist_for_home_pcsSupportAssist Client Consumer
CWE ID-CWE-942
Permissive Cross-domain Policy with Untrusted Domains
CWE ID-CWE-697
Incorrect Comparison
CVE-2018-11039
Matching Score-8
Assigner-Dell
ShareView Details
Matching Score-8
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-2.92% / 85.86%
||
7 Day CHG~0.00%
Published-25 Jun, 2018 | 15:00
Updated-16 Sep, 2024 | 22:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.

Action-Not Available
Vendor-Oracle CorporationDebian GNU/LinuxVMware (Broadcom Inc.)
Product-communications_diameter_signaling_routercommunications_network_integrityretail_assortment_planningendeca_information_discovery_integratorhealthcare_master_person_indexagile_plmcommunications_performance_intelligence_centerretail_markdown_optimizationretail_clearance_optimization_enginecommunications_online_mediation_controllercommunications_unified_inventory_managementapplication_testing_suiteenterprise_manager_ops_centercommunications_services_gatekeeperretail_advanced_inventory_planningretail_predictive_application_serverinsurance_rules_paletteenterprise_manager_for_mysql_databaseretail_customer_insightsretail_financial_integrationretail_integration_busutilities_network_management_systemspring_frameworkprimavera_p6_enterprise_project_portfolio_managementdebian_linuxweblogic_serverhealth_sciences_information_managermysql_enterprise_monitorretail_xstore_point_of_servicehospitality_guest_accessinsurance_calculation_enginemicros_lucasenterprise_manager_base_platformSpring Framework
CVE-2015-4912
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.48%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.2 and 11.1.2.3 allows remote attackers to affect confidentiality via vectors related to SSO Engine.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2023-25934
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-5.9||MEDIUM
EPSS-0.07% / 21.67%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 06:58
Updated-29 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.

Action-Not Available
Vendor-Dell Inc.
Product-elastic_cloud_storageECS
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2016-8021
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-5||MEDIUM
EPSS-2.85% / 85.69%
||
7 Day CHG~0.00%
Published-14 Mar, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper verification of cryptographic signature vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to spoof update server and execute arbitrary code via a crafted input file.

Action-Not Available
Vendor-McAfee, LLCIntel Corporation
Product-virusscan_enterpriseVirusScan Enterprise Linux (VSEL)
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-22461
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.48%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 13:25
Updated-04 Feb, 2025 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to gaining of root-level access and compromise of complete system.

Action-Not Available
Vendor-Dell Inc.
Product-recoverpoint_for_virtual_machinesRecoverPoint for Virtual Machines
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-31841
Matching Score-6
Assigner-Trellix
ShareView Details
Matching Score-6
Assigner-Trellix
CVSS Score-8.2||HIGH
EPSS-0.02% / 3.20%
||
7 Day CHG~0.00%
Published-22 Sep, 2021 | 13:25
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DLL side loading vulnerability in MA for Windows

A DLL sideloading vulnerability in McAfee Agent for Windows prior to 5.7.4 could allow a local user to perform a DLL sideloading attack with an unsigned DLL with a specific name and in a specific location. This would result in the user gaining elevated permissions and the ability to execute arbitrary code as the system user, through not checking the DLL signature.

Action-Not Available
Vendor-McAfee, LLC
Product-mcafee_agentMcAfee Agent for Windows
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-426
Untrusted Search Path
CVE-2014-1498
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-5||MEDIUM
EPSS-0.55% / 66.91%
||
7 Day CHG~0.00%
Published-19 Mar, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSESUSEOracle Corporation
Product-solarisfirefoxopensuseseamonkeylinux_enterprise_desktoplinux_enterprise_serverlinux_enterprise_software_development_kitn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2020-35169
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-9.1||CRITICAL
EPSS-0.18% / 40.42%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 19:26
Updated-16 Sep, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.

Action-Not Available
Vendor-Oracle CorporationDell Inc.
Product-http_serverweblogic_server_proxy_plug-inbsafe_crypto-c-micro-editiondatabasebsafe_micro-edition-suitesecurity_serviceDell BSAFE Crypto-C Micro Edition
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-20
Improper Input Validation
CVE-2019-17561
Matching Score-6
Assigner-Apache Software Foundation
ShareView Details
Matching Score-6
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.73% / 71.76%
||
7 Day CHG~0.00%
Published-30 Mar, 2020 | 18:44
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability.

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-netbeansgraalvmApache NetBeans
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-32449
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.2||HIGH
EPSS-0.01% / 0.23%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 06:50
Updated-04 Dec, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks

Action-Not Available
Vendor-Dell Inc.
Product-powerstore_1000tpowerstore_500tpowerstore_7000tpowerstore_1200tpowerstore_5200tpowerstore_3200tpowerstore_3000tpowerstore_5000tpowerstore_9200tpowerstore_9000tpowerstoret_osPowerStorepowerstoreos
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-47476
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 5.18%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 09:59
Updated-03 Feb, 2025 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution.

Action-Not Available
Vendor-Dell Inc.
Product-networker_management_consoleNetWorker Management Consolenetworker_management_console
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-6664
Matching Score-6
Assigner-Trellix
ShareView Details
Matching Score-6
Assigner-Trellix
CVSS Score-5.8||MEDIUM
EPSS-0.28% / 51.09%
||
7 Day CHG~0.00%
Published-25 May, 2018 | 13:00
Updated-16 Sep, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SB10233 - Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 - Application Protections Bypass vulnerability

Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility.

Action-Not Available
Vendor-McAfee, LLCMicrosoft Corporation
Product-windowsdata_loss_prevention_endpointData Loss Prevention (DLP) Endpoint
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-36277
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.10%
||
7 Day CHG~0.00%
Published-09 Aug, 2021 | 21:05
Updated-17 Sep, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Update, Dell Update, and Alienware Update versions before 4.3 contains an Improper Verification of Cryptographic Signature Vulnerability. A local authenticated malicious user may exploit this vulnerability by executing arbitrary code on the system.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_command_center_applicationcommand_\|_updateupdate\/alienware_updateAlienware Command Center (AWCC)
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2021-31847
Matching Score-6
Assigner-Trellix
ShareView Details
Matching Score-6
Assigner-Trellix
CVSS Score-8.2||HIGH
EPSS-0.03% / 7.97%
||
7 Day CHG~0.00%
Published-22 Sep, 2021 | 13:25
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper privilege management in repair process of MA for Windows

Improper access control vulnerability in the repair process for McAfee Agent for Windows prior to 5.7.4 could allow a local attacker to perform a DLL preloading attack using unsigned DLLs. This would result in elevation of privileges and the ability to execute arbitrary code as the system user, through not correctly protecting a temporary directory used in the repair process and not checking the DLL signature.

Action-Not Available
Vendor-McAfee, LLC
Product-agentMcAfee Agent for Windows
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-22946
Matching Score-6
Assigner-HackerOne
ShareView Details
Matching Score-6
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.63%
||
7 Day CHG~0.00%
Published-29 Sep, 2021 | 00:00
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.

Action-Not Available
Vendor-n/aNetApp, Inc.Debian GNU/LinuxOracle CorporationSiemens AGSplunk LLC (Cisco Systems, Inc.)Apple Inc.CURLFedora Project
Product-peoplesoft_enterprise_peopletoolscommunications_cloud_native_core_consolecommunications_cloud_native_core_network_function_cloud_native_environmentcloud_backuph300s_firmwareh410smacoscurlh300ssolidfire_baseboard_management_controllersnapcenterh300e_firmwaresinec_infrastructure_network_servicesclustered_data_ontaph500efedorah500s_firmwareh500e_firmwarecommunications_cloud_native_core_binding_support_functionh700eoncommand_insighth300ecommunications_cloud_native_core_service_communication_proxycommunications_cloud_native_core_network_slice_selection_functioncommunications_cloud_native_core_security_edge_protection_proxyh500scommunications_cloud_native_core_network_repository_functiononcommand_workflow_automationuniversal_forwarderdebian_linuxh410s_firmwareh700s_firmwareh700e_firmwaresolidfire_baseboard_management_controller_firmwareh700scommerce_guided_searchmysql_serverhttps://github.com/curl/curl
CWE ID-CWE-325
Missing Cryptographic Step
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2022-34459
Matching Score-6
Assigner-Dell
ShareView Details
Matching Score-6
Assigner-Dell
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.11%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 04:28
Updated-27 Mar, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.

Action-Not Available
Vendor-Dell Inc.
Product-alienware_updatecommand_updateupdateDell Command Update (DCU)
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2019-5592
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.11% / 30.90%
||
7 Day CHG~0.00%
Published-23 Aug, 2019 | 19:52
Updated-25 Oct, 2024 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, OpenSSL 0-length) in the CBC padding implementation of FortiOS IPS engine version 5.000 to 5.006, 4.000 to 4.036, 4.200 to 4.219, 3.547 and below, when configured with SSL Deep Inspection policies and with the IPS sensor enabled, may allow an attacker to decipher TLS connections going through the FortiGate via monitoring the traffic in a Man-in-the-middle position.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-fortios_ips_engineFortinet IPS Engine
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2018-4111
Matching Score-4
Assigner-Apple Inc.
ShareView Details
Matching Score-4
Assigner-Apple Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.46% / 63.31%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 06:00
Updated-05 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_xn/a
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found