19 matches found

F5 Networks
added 2023/02/21 6:47 p.m. | 59 views

K10105323: Java Bouncy Castle vulnerability CVE-2015-7940

Security Advisory Description The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman ECDH key exchanges, aka an "invalid curve...

CVSS 5 | AI score 7.6 | EPSS 0.0482
Exploits 0 | Affected Software 1

vulnersOsv
added 2018/10/17 4:27 p.m. | 5 views

br.net.woodstock.rockframework:rockframework-core (>=1.2.1 <=1.2.2), com.alanpoi:alanpoi-all (>=1.3.5 <=3.0.0) +61 more potentially affected by CVE-2015-7940 via org.bouncycastle:bcprov-jdk14 (>=1.38 <=1.50)

org.bouncycastle:bcprov-jdk14 MAVEN version =1.38, =1.2.1, =1.3.5, =1.3.5, =2.0, =1.0, =1.6.1.P24, =1.7, =0.0.1, =1.0, =1.1 - com.github.lkkushan101.RestAssuredPDFReport:com.github.lkkushan101.RestAssuredPDFReport =1.00 - com.github.lkkushan101.appiumlocator:com.github.lkkushan101.appiumlocator...

CVSS 5 | AI score 6.8 | EPSS 0.0482
Exploits 0

vulnersOsv
added 2018/10/17 4:27 p.m. | 5 views

ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), am.ik.home:uaa-server (>=1.0.0 <=1.2.0) +1969 more potentially affected by CVE-2015-7940 via org.bouncycastle:bcprov-jdk15on (>=1.46 <=1.50)

org.bouncycastle:bcprov-jdk15on MAVEN version =1.46, =1.0.1, =1.0.0, =0.1.0, =1.1, =1.1.7, =1.1.9, =1.0.0, =2.0.7, =3.0.0 and more Source cves: CVE-2015-7940 Source advisory: OSV:GHSA-4MV7-CQ75-3QJM...

CVSS 5 | AI score 6.8 | EPSS 0.0482
Exploits 0

OpenVAS
added 2018/08/02 12:0 a.m. | 36 views

Ubuntu: Security Advisory (USN-3727-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 6.7 | EPSS 0.0482
Exploits 0 | References 2

IBM Security Bulletins
added 2018/06/17 5:10 a.m. | 35 views

Security Bulletin: A vulnerability in Bouncy Castle affects Rational Service Tester (CVE-2015-7940)

Summary Bouncy Castle could allow a remote attacker to obtain sensitive information, caused by an invalid curve attack. An attacker could exploit this vulnerability to extract private keys used in elliptic curve cryptography and obtain sensitive information. Vulnerability Details CVEID:...

CVSS 5 | AI score 1.4 | EPSS 0.0482
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2018/06/15 7:4 a.m. | 41 views

Security Bulletin: Open-source Bouncy Castle vulnerability affects IBM® WebSphere Cast Iron (CVE-2015-7940)

Summary There is a vulnerability in Bouncy Castle version 1.49 that is used by WebSphere Cast Iron. Vulnerability Details CVEID: CVE-2015-7940 DESCRIPTION: Bouncy Castle could allow a remote attacker to obtain sensitive information. An attacker could exploit this vulnerability using an invalid...

CVSS 5 | AI score 0.7 | EPSS 0.0482
Exploits 0 | Affected Software 1

Tenable Nessus
added 2018/02/12 12:0 a.m. | 35 views

Oracle WebCenter Portal Multiple Vulnerabilities (January 2018 CPU)

Binary data oraclewebcenterportalcpujan2018.nbin...

CVSS 8.2 | AI score 7.2 | EPSS 0.25737
Exploits 0 | References 4

Tenable Nessus
added 2018/01/25 12:0 a.m. | 941 views

Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU)

According to its self-reported version, the Oracle iPlanet Web Server formerly known as Sun Java System Web Server running on the remote host is 7.0.x prior to 7.0.27 Patch 26834070. It is, therefore, affected by an unspecified vulnerability in the Network Security Services NSS library with unkno...

CVSS 10 | AI score 7.6 | EPSS 0.99988
Exploits 52 | References 29

Tenable Nessus
added 2017/07/20 12:0 a.m. | 108 views

Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (July 2017 CPU) (httpoxy)

The version of Oracle Enterprise Manager Grid Control installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Bouncy Castle Java library due to improper validation of a point within the elliptic curve. An...

CVSS 9.8 | AI score 7.7 | EPSS 0.55724
Exploits 3 | References 15

RedHat Linux
added 2016/10/06 4:18 p.m. | 105 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse 6.3 security update

Red Hat JBoss Fuse 6.3, which fixes multiple security issues and includes several bug fixes and enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...

CVSS 9.8 | AI score 7.6 | EPSS 0.93143
Exploits 14 | References 10

Tenable Nessus
added 2016/03/04 12:0 a.m. | 28 views

Fedora 22 : bouncycastle-1.50-8.fc22 (2015-7d95466eda)

Security fix for CVE-2015-7940 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C...

CVSS 5 | AI score 7.3 | EPSS 0.0482
Exploits 0 | References 3

OpenVAS
added 2015/12/29 12:0 a.m. | 37 views

Mageia: Security Advisory (MGASA-2015-0487)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5 | AI score 7.8 | EPSS 0.0482
Exploits 0 | References 4

Mageia
added 2015/12/28 7:23 p.m. | 40 views

Updated bouncycastle packages fix security vulnerability

The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman ECDH key exchanges, aka an "invalid curve attack" CVE-2015-7940...

CVSS 5 | AI score 8.4 | EPSS 0.0482
Exploits 0 | References 2

Debian
added 2015/12/14 12:51 p.m. | 47 views

[SECURITY] [DSA 3417-1] bouncycastle security update

Debian Security Advisory DSA-3417-1 [email protected] https://www.debian.org/security/ Luciano Bello December 14, 2015 https://www.debian.org/security/faq -...

CVSS 5 | AI score 8.4 | EPSS 0.0482
Exploits 0

Debian
added 2015/12/08 11:28 a.m. | 57 views

[SECURITY] [DLA 361-1] bouncycastle security update

Package : bouncycastle Version : 1.44+dfsg-2+deb6u1 CVE ID : CVE-2015-7940 Debian Bug : 802671 The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic...

CVSS 5 | AI score 6.8 | EPSS 0.0482
Exploits 0

CVE
added 2015/11/09 4:0 p.m. | 179 views

CVE-2015-7940

CVE-2015-7940 (Bouncy Castle Java) : The library before 1.51 does not validate that an EC point lies on the curve, enabling an invalid-curve attack to potentially recover private keys during ECDH. Remote attackers could exploit crafted ECDH exchanges. Affected: Bouncy Castle JS, BC versions prior...

CVSS 5 | AI score 8 | EPSS 0.0482
Exploits 0 | References 21 | Affected Software 2

Tenable Nessus
added 2015/11/05 12:0 a.m. | 41 views

openSUSE Security Update : bouncycastle (openSUSE-2015-705)

bouncycastle was updated to version 1.53 to fix one security issue. This security issue was fixed : - CVE-2015-7940: Invalid curve attack bsc951727. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...

CVSS 5 | AI score 7.5 | EPSS 0.0482
Exploits 0 | References 2

OpenVAS
added 2015/11/05 12:0 a.m. | 26 views

openSUSE: Security Advisory for bouncycastle (openSUSE-SU-2015:1911-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5 | AI score 6.8 | EPSS 0.0482
Exploits 0 | References 1

OPENSUSE Linux
added 2015/11/04 5:17 p.m. | 40 views

Security update for bouncycastle (important)

bouncycastle was updated to version 1.53 to fix one security issue. This security issue was fixed: - CVE-2015-7940: Invalid curve attack bsc951727...

CVSS 5 | AI score 3 | EPSS 0.0482
Exploits 0 | References 1