EUVD-2018-0689

Malware in sbrugna...

CVE-2018-9426

In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin...

PT-2024-10687 · Unknown · Rsakeypairgenerator

Name of the Vulnerable Software and Affected Versions: RSAKeyPairGenerator affected versions not specified Description: An incorrect implementation in RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java could cause the generation of weak RSA key pairs. This could lead to a cryp...

The vulnerability of the RsaKeyPairGenerator::getNumberOfIterations() method in the Bouncy Castle library allows a hacker to gain unauthorized access to protected data.

The vulnerability of the RsaKeyPairGenerator::getNumberOfIterations method in the Bouncy Castle library is related to deficiencies in the use of cryptographic keys. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected data using network protocols such as...

RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL 6 (RHSA-2018:2423)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2423 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...

CVE-2018-1000180

CVE-2018-1000180 affects Bouncy Castle BC 1.54–1.59 (and BC-FJA 1.0.0/1.0.1) with a flaw in the Low-level RSA key pair generator interface that may produce RSA key pairs with fewer Miller–Rabin primality tests than expected. IBM vulnerability bulletins associate this CVE with IBM products (e.g., ...

Design/Logic Flaw

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...

CVE-2016-1000343

CVE-2016-1000343 affects the Bouncy Castle JCE Provider (1.55 and earlier). When the JCA key pair generator is not explicitly initialised with DSA parameters, it may generate a weak private key by assuming a 1024-bit key size. Publicly available documents confirm this issue and recommend either e...

UBUNTU-CVE-2016-1000343

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...

PT-2018-4637 · Bouncy Castle +3 · Bouncy Castle Jce Provider +3

Name of the Vulnerable Software and Affected Versions: Bouncy Castle JCE Provider versions 1.55 and earlier Description: The issue concerns the generation of weak private keys by the DSA key pair generator when used with default values. If the JCA key pair generator is not explicitly initialized...

CVE-2016-1000343

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size...