EUVD-2018-13576

Malware in sbrugna...

EUVD-2008-4349

Malware in sbrugna...

CVE-2025-9340 native encrypt/decrypt operations in JCE may corrupt data if same byte array used for input and output.

Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bc-fips on All API modules. This vulnerability is associated with program files org/bouncycastle/jcajce/provider/BaseCipher. This issue affects Bouncy Castle for Java: from BC-FJA 2.1.0 through 2.1.0...

Linux Distros Unpatched Vulnerability : CVE-2016-1000341

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for th...

CVE-2018-21058

An issue was discovered on Samsung mobile devices with N7.0, O8.0 exynos7420 or Exynos 8890/8996 chipsets software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used; the Cryptography Extension CE is not used. The Samsung ID is SVE-2018-12761 September...

CVE-2023-30441

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188...

SUSE CVE-2014-0878

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier f...

SUSE CVE-2015-0478

Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE...

SUSE CVE-2016-1000340

In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed org.bouncycastle.math.raw.Nat???. These classes are used by our custom elliptic curve implementations...

SUSE CVE-2016-1000345

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...

SUSE CVE-2016-1000342

In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of...

SUSE CVE-2016-1000352

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...

JDK: exposure of sensitive information using a combination of flaws and configurations

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188...

JDK: exposure of sensitive information using a combination of flaws and configurations

IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188...

PT-2023-6741 · Ibm +3 · Jsse +5

Name of the Vulnerable Software and Affected Versions: IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE versions 8.0.7.0 through 8.0.7.11 Description: The issue is related to the use of flawed cryptographic algorithms in the Java Secure Socket Extension JSSE and IBMJCEPlus...

Observable Discrepancy in BouncyCastle

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable...

GHSA-WRWF-PMMJ-W989 Observable Discrepancy in BouncyCastle

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable...

The vulnerability of the openssl extension (ext/openssl/openssl.c) in the PHP programming language interpreter allows a attacker to cause a service failure.

The vulnerability of the openssl extension ext/openssl/openssl.c in the PHP programming language interpreter is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability could allow a malicious actor to cause service failures...

CVE-2018-21058

An issue was discovered on Samsung mobile devices with N7.0, O8.0 exynos7420 or Exynos 8890/8996 chipsets software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used; the Cryptography Extension CE is not used. The Samsung ID is SVE-2018-12761 September...

CVE-2018-21058

An issue was discovered on Samsung mobile devices with N7.0, O8.0 exynos7420 or Exynos 8890/8996 chipsets software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used; the Cryptography Extension CE is not used. The Samsung ID is SVE-2018-12761 September...