Lucene search
K

12 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/10/02 10:7 a.m.39 views

Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to multiple vulnerabilities

Summary Multiple potential vulnerabilities in Vim has been identified that may affect IBM Watson CP4D Data Stores. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-2849 DESCRIPTION: Vim is vulnerable to a heap-based buffer...

7.8CVSS9.4AI score0.01196EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/07 6:50 a.m.31 views

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to Bouncy Castle BC-FJA

Summary IBM Sterling Connect:Direct Web Service 6.1 and 6.2 is vulnerable to BC version 1.75 . We have upgraded to version 1.78 to fix CVE-2022-45146. Vulnerability Details CVEID:CVE-2022-45146 DESCRIPTION: The Legion of the Bouncy Castle BC-FJA could allow a remote attacker to obtain sensitive...

5.5CVSS5.6AI score0.00434EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/20 6:22 a.m.64 views

Security Bulletin: IBM Observability with Instana using third-party Kubernetes Operators is affected by Multiple Security Vulnerabilities

Summary Multiple vulnerabilities were remediated in IBM Observability with Instana using third-party Kubernetes Operators build 271. Vulnerability Details CVEID:CVE-2024-1023 DESCRIPTION: Eclipse Vert.x is vulnerable to a denial of service, caused by a memory leak due to the use of Netty...

6.5CVSS7AI score0.01639EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2024/01/02 5:30 a.m.85 views

CVE-2022-45146

A flaw was found in the FIPS Java API of Bouncy Castle BC-FJA. Affected versions of this package are vulnerable to Improper Authentication. Changes to the JVM garbage collector in Java 13 and later can trigger an issue in the BC-FJA FIPS modules, where it is possible for temporary keys used by th...

5.5CVSS5.3AI score0.00434EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:20 a.m.3 views

SUSE CVE-2018-1000180

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 bet...

4.8CVSS8.7AI score0.03592EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/11/21 12:30 p.m.31 views

Garbage collection issue in BC-FJA in Java 13 and later

An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module,...

5.5CVSS5.5AI score0.00434EPSS
Exploits1References5Affected Software1
Prion
Prion
added 2022/11/21 10:15 a.m.44 views

Code injection

An issue was discovered in the FIPS Java API of Bouncy Castle BC-FJA before 1.0.2.4. Changes to the JVM garbage collector in Java 13 and later trigger an issue in the BC-FJA FIPS modules where it is possible for temporary keys used by the module to be zeroed out while still in use by the module,...

1.7CVSS5.4AI score0.00434EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2022/11/21 12:0 a.m.441 views

CVE-2022-45146

CVE-2022-45146 affects the FIPS Java API in BC-FJA (Bouncy Castle) before 1.0.2.4. Changes to the JVM garbage collector in Java 13+ can cause temporary keys used by BC-FJA FIPS modules to be zeroed while still in use, leading to errors or potential information loss. Note: FIPS-certified Java vers...

5.5CVSS5.2AI score0.00434EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2021/08/13 12:0 a.m.42 views

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Bouncy Castle BC Java before 1.66, BC C .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multip...

5.9CVSS6.7AI score0.01522EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/06/28 12:0 a.m.37 views

SUSE SLED15 / SLES15 Security Update : bouncycastle (SUSE-SU-2021:2163-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2163-1 advisory. - CVE-2020-15522: Fixed a timing issue within the EC math library bsc1186328. Tenable has extracted the preceding description block directly fr...

5.9CVSS6.7AI score0.01522EPSS
Exploits0References4
NVD
NVD
added 2020/11/02 10:15 p.m.24 views

CVE-2020-26939

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext tha...

5.3CVSS6.4AI score0.00906EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2020/11/02 10:0 p.m.35 views

CVE-2020-26939

In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext tha...

5.3CVSS6.2AI score0.00906EPSS
Exploits0
Rows per page
Query Builder