19 matches found
K10105323: Java Bouncy Castle vulnerability CVE-2015-7940
Security Advisory Description: The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve...
br.net.woodstock.rockframework:rockframework-core (>=1.2.1 <=1.2.2), com.alanpoi:alanpoi-all (>=1.3.5 <=3.0.0) +61 more potentially affected by CVE-2015-7940 via org.bouncycastle:bcprov-jdk14 (>=1.38 <=1.50)
org.bouncycastle:bcprov-jdk14 MAVEN version =1.38, =1.2.1, =1.3.5, =1.3.5, =2.0, =1.0, =1.6.1.P24, =1.7, =0.0.1, =1.0, =1.1 - com.github.lkkushan101.RestAssuredPDFReport:com.github.lkkushan101.RestAssuredPDFReport =1.00 - com.github.lkkushan101.appiumlocator:com.github.lkkushan101.appiumlocator...
ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), am.ik.home:uaa-server (>=1.0.0 <=1.2.0) +1969 more potentially affected by CVE-2015-7940 via org.bouncycastle:bcprov-jdk15on (>=1.46 <=1.50)
org.bouncycastle:bcprov-jdk15on MAVEN version =1.46, =1.0.1, =1.0.0, =0.1.0, =1.1, =1.1.7, =1.1.9, =1.0.0, =2.0.7, =3.0.0 and more Source cves: CVE-2015-7940 Source advisory: OSV:GHSA-4MV7-CQ75-3QJM...
Ubuntu: Security Advisory (USN-3727-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: A vulnerability in Bouncy Castle affects Rational Service Tester (CVE-2015-7940)
Summary Bouncy Castle could allow a remote attacker to obtain sensitive information, caused by an invalid curve attack. An attacker could exploit this vulnerability to extract private keys used in elliptic curve cryptography and obtain sensitive information. Vulnerability Details CVEID:...
Security Bulletin: Open-source Bouncy Castle vulnerability affects IBM® WebSphere Cast Iron (CVE-2015-7940)
Summary There is a vulnerability in Bouncy Castle version 1.49 that is used by WebSphere Cast Iron. Vulnerability Details CVEID: CVE-2015-7940 DESCRIPTION: Bouncy Castle could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability using an invalid...
Oracle WebCenter Portal Multiple Vulnerabilities (January 2018 CPU)
Binary data oraclewebcenterportalcpujan2018.nbin...
Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU)
According to its self-reported version, the Oracle iPlanet Web Server formerly known as Sun Java System Web Server running on the remote host is 7.0.x prior to 7.0.27 Patch 26834070. It is, therefore, affected by an unspecified vulnerability in the Network Security Services NSS library with unkno...
Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (July 2017 CPU) (httpoxy)
The version of Oracle Enterprise Manager Grid Control installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Bouncy Castle Java library due to improper validation of a point within the elliptic curve. An...
Important: Red Hat Security Advisory: Red Hat JBoss Fuse 6.3 security update
Red Hat JBoss Fuse 6.3, which fixes multiple security issues and includes several bug fixes and enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...
Fedora 22 : bouncycastle-1.50-8.fc22 (2015-7d95466eda)
Security fix for CVE-2015-7940. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Mageia: Security Advisory (MGASA-2015-0487)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated bouncycastle packages fix security vulnerability
The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack" (CVE-2015-7940)...
[SECURITY] [DSA 3417-1] bouncycastle security update
Debian Security Advisory DSA-3417-1 [email protected] https://www.debian.org/security/ Luciano Bello December 14, 2015 https://www.debian.org/security/faq -...
[SECURITY] [DLA 361-1] bouncycastle security update
Package : bouncycastle Version : 1.44+dfsg-2+deb6u1 CVE ID : CVE-2015-7940 Debian Bug : 802671 The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic...
CVE-2015-7940
CVE-2015-7940 (Bouncy Castle Java) : The library before 1.51 does not validate that an EC point lies on the curve, enabling an invalid-curve attack to potentially recover private keys during ECDH. Remote attackers could exploit crafted ECDH exchanges. Affected: Bouncy Castle JS, BC versions prior...
openSUSE Security Update : bouncycastle (openSUSE-2015-705)
bouncycastle was updated to version 1.53 to fix one security issue. This security issue was fixed: - CVE-2015-7940: Invalid curve attack bsc951727. Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
openSUSE: Security Advisory for bouncycastle (openSUSE-SU-2015:1911-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for bouncycastle (important)
bouncycastle was updated to version 1.53 to fix one security issue. This security issue was fixed: - CVE-2015-7940: Invalid curve attack bsc951727...