Lucene search
+L

113 matches found

prion
prion
added 2020/04/08 6:15 p.m.19 views

Design/Logic Flaw

An issue was discovered on Samsung mobile devices with N7.0, O8.0 exynos7420 or Exynos 8890/8996 chipsets software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used; the Cryptography Extension CE is not used. The Samsung ID is SVE-2018-12761 September...

7.5CVSS9.4AI score0.00275EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2020/04/08 5:43 p.m.27 views

CVE-2018-21058

An issue was discovered on Samsung mobile devices with N7.0, O8.0 exynos7420 or Exynos 8890/8996 chipsets software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used; the Cryptography Extension CE is not used. The Samsung ID is SVE-2018-12761 September...

9.5AI score0.00275EPSS
Exploits0References1
cve
cve
added 2020/04/08 5:43 p.m.49 views

CVE-2018-21058

CVE-2018-21058 affects Samsung mobile devices running Android 7.0/8.0 on Exynos 7420/8890/8996. The issue enables cache attacks against the Keymaster AES-GCM implementation because T-Tables are used and the Cryptography Extension (CE) is not utilized. Samsung ID: SVE-2018-12761. No exploitation o...

9.8CVSS9.3AI score0.00275EPSS
Exploits0References1Affected Software1
ubuntu
ubuntu
added 2019/07/31 12:5 a.m.283 views

USN-4080-1: OpenJDK 8 vulnerabilities

Keegan Ryan discovered that the ECC implementation in OpenJDK was not sufficiently resilient to side-channel attacks. An attacker could possibly use this to expose sensitive information. CVE-2019-2745 It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing...

5.8CVSS7.5AI score0.09393EPSS
Exploits3
redhat
redhat
added 2019/07/23 6:20 p.m.8 views

OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: JCE. The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

4.3CVSS7.3AI score0.03358EPSS
Exploits0References4
osv
osv
added 2019/07/23 12:0 a.m.25 views

UBUNTU-CVE-2019-2842

Vulnerability in the Java SE component of Oracle Java SE subcomponent: JCE. The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

3.7CVSS6.7AI score0.03358EPSS
Exploits0References5
redhat
redhat
added 2019/07/22 12:41 p.m.12 views

OpenJDK: Missing array bounds check in crypto providers (JCE, 8223511)

Vulnerability in the Java SE component of Oracle Java SE subcomponent: JCE. The supported version that is affected is Java SE: 8u212. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this...

4.3CVSS7.3AI score0.03358EPSS
Exploits0References4
cnvd
cnvd
added 2019/07/17 12:0 a.m.6 views

Oracle Java SE Access Control Error Vulnerability (CNVD-2019-26748)

Oracle Java SE is a U.S. Oracle Oracle company for the development and deployment of desktop, server and embedded devices and real-time environments in the Java application. An access control error vulnerability exists in the JCE subcomponent of Oracle Java SE version 8u212. An attacker could...

4.3CVSS6.4AI score0.03358EPSS
Exploits0References1
osv
osv
added 2018/10/17 4:27 p.m.11 views

GHSA-W285-WF9Q-5W69 In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS6.9AI score0.02208EPSS
Exploits0References8
osv
osv
added 2018/10/17 4:24 p.m.9 views

GHSA-R9CH-M4FH-FC7Q Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k...

5.9CVSS6.8AI score0.02606EPSS
Exploits0References10
osv
osv
added 2018/10/17 4:23 p.m.12 views

GHSA-R97X-3G8F-GX3M The Bouncy Castle JCE Provider carry a propagation bug

In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed org.bouncycastle.math.raw.Nat???. These classes are used by our custom elliptic curve implementations...

7.5CVSS7AI score0.0226EPSS
Exploits0References8
redhat
redhat
added 2018/09/11 7:53 a.m.4 views

bouncycastle: ECIES implementation allowed the use of ECB mode

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS7.2AI score0.02208EPSS
Exploits0References4
cnvd
cnvd
added 2018/06/15 12:0 a.m.4 views

Unspecified Vulnerability in Bouncy Castle JCE Provider

Bouncy Castle JCE Provider is a Java-based encryption package. A security vulnerability exists in the DHIES/ECIES CBC mode in Bouncy Castle JCE Provider 1.55 and earlier versions. An attacker can exploit the vulnerability via padding to determine the cause of a decryption failure...

5.9CVSS6.5AI score0.02618EPSS
Exploits0References1
nessus
nessus
added 2018/06/14 12:0 a.m.48 views

openSUSE Security Update : bouncycastle (openSUSE-2018-628)

This update for bouncycastle to version 1.59 fixes the following issues : These security issues were fixed : - CVE-2017-13098: BouncyCastle, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite usin...

7.5CVSS6.5AI score0.24282EPSS
Exploits0References22
cnvd
cnvd
added 2018/06/06 12:0 a.m.3 views

Unspecified Vulnerability in Bouncy Castle JCE Provider

Bouncy Castle JCE Provider is a Java-based encryption package. A security vulnerability exists in Bouncy Castle JCE Provider version 1.55 and earlier. A detailed description of the vulnerability is not available at this time...

7.5CVSS6.9AI score0.032EPSS
Exploits0References1
osv
osv
added 2018/06/04 9:29 p.m.6 views

UBUNTU-CVE-2016-1000344

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

7.4CVSS7AI score0.02208EPSS
Exploits0References2
osv
osv
added 2018/06/04 1:29 p.m.2 views

DEBIAN-CVE-2016-1000339

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak...

5.3CVSS9.1AI score0.027EPSS
Exploits0References1
osv
osv
added 2018/06/04 1:29 p.m.4 views

DEBIAN-CVE-2016-1000341

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k...

5.9CVSS6.8AI score0.02606EPSS
Exploits0References1
osv
osv
added 2018/06/04 12:0 a.m.3 views

UBUNTU-CVE-2016-1000345

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...

5.9CVSS6.8AI score0.02618EPSS
Exploits0References3
osv
osv
added 2018/06/04 12:0 a.m.20 views

UBUNTU-CVE-2016-1000343

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...

7.5CVSS7.1AI score0.032EPSS
Exploits0References3
Rows per page
Query Builder