Oracle Security Service
By the Year
In 2024 there have been 0 vulnerabilities in Oracle Security Service . Security Service did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 11 | 9.23 |
2021 | 0 | 0.00 |
2020 | 3 | 6.63 |
2019 | 0 | 0.00 |
2018 | 7 | 7.17 |
It may take a day or so for new Security Service vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Oracle Security Service Security Vulnerabilities
Dell BSAFE Crypto-C Micro Edition
CVE-2020-29506
9.8 - Critical
- July 11, 2022
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.
Dell BSAFE Crypto-C Micro Edition
CVE-2020-29507
9.8 - Critical
- July 11, 2022
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.
Improper Input Validation
Dell BSAFE Crypto-C Micro Edition
CVE-2020-29508
9.8 - Critical
- July 11, 2022
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.
Improper Input Validation
Dell BSAFE Crypto-C Micro Edition
CVE-2020-35163
9.8 - Critical
- July 11, 2022
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.
Use of Insufficiently Random Values
Dell BSAFE Crypto-C Micro Edition
CVE-2020-35164
8.1 - High
- July 11, 2022
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
Dell BSAFE Crypto-C Micro Edition
CVE-2020-35166
9.8 - Critical
- July 11, 2022
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
Dell BSAFE Crypto-C Micro Edition
CVE-2020-35167
9.8 - Critical
- July 11, 2022
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
Dell BSAFE Crypto-C Micro Edition
CVE-2020-35168
9.8 - Critical
- July 11, 2022
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
Dell BSAFE Crypto-C Micro Edition
CVE-2020-35169
9.8 - Critical
- July 11, 2022
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.
Improper Input Validation
Dell BSAFE Micro Edition Suite
CVE-2020-26184
7.5 - High
- June 01, 2022
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability.
Improper Certificate Validation
Dell BSAFE Micro Edition Suite
CVE-2020-26185
7.5 - High
- June 01, 2022
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.
Out-of-bounds Read
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability
CVE-2020-5360
7.5 - High
- December 16, 2020
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems.
Out-of-bounds Read
Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: SSL API)
CVE-2020-14655
6.5 - Medium
- July 15, 2020
Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: SSL API). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Security Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Security Service accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N).
Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: None)
CVE-2020-14530
5.9 - Medium
- July 15, 2020
Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: None). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Security Service accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue
CVE-2018-15769
7.5 - High
- November 16, 2018
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is sent to the TLS client, and an Ephemeral or Anonymous Diffie-Hellman cipher suite (DHE or ADH) is used.
RSA BSAFE Micro Edition Suite
CVE-2018-11058
9.8 - Critical
- September 14, 2018
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would result in such issue.
Out-of-bounds Read
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability
CVE-2018-11054
7.5 - High
- August 31, 2018
RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service.
Integer Overflow or Wraparound
RSA BSAFE Micro Edition Suite
CVE-2018-11055
5.5 - Medium
- August 31, 2018
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection.
Improper Resource Shutdown or Release
RSA BSAFE Micro Edition Suite
CVE-2018-11056
6.5 - Medium
- August 31, 2018
RSA BSAFE Micro Edition Suite, prior to 4.1.6.1 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.3 (in 4.0.x) contain an Uncontrolled Resource Consumption ('Resource Exhaustion') vulnerability when parsing ASN.1 data. A remote attacker could use maliciously constructed ASN.1 data that would exhaust the stack, potentially causing a Denial Of Service.
Resource Exhaustion
RSA BSAFE Micro Edition Suite
CVE-2018-11057
5.9 - Medium
- August 31, 2018
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x) contains a Covert Timing Channel vulnerability during RSA decryption, also known as a Bleichenbacher attack on RSA decryption. A remote attacker may be able to recover a RSA key.
Use of a Broken or Risky Cryptographic Algorithm
Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: Oracle SSL API)
CVE-2018-2765
7.5 - High
- April 19, 2018
Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: Oracle SSL API). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Security Service accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Oracle Security Service or by Oracle? Click the Watch button to subscribe.