3 matches found
ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), am.ik.home:uaa-server (>=1.0.0 <=1.2.0) +1386 more potentially affected by CVE-2018-5382 via org.bouncycastle:bcprov-jdk15on (>=1.46 <=1.49)
org.bouncycastle:bcprov-jdk15on MAVEN version =1.46, =1.0.1, =1.0.0, =1.1.7, =1.1.9, =1.0.0, =2.0.7, =3.6.1, =3.11.0, =3.19.0 and more Source cves: CVE-2018-5382 Source advisory: OSV:GHSA-8477-3V39-GGPM...
Security Bulletin: Public disclosed vulnerability from Bouncy Castle affects Platform HPC
Summary Public disclosed vulnerability CVE-2018-5382 from Bouncy Castle fix was addressed by Platform HPC Vulnerability Details Data not yet populated Affected Products and Versions Platform HPC Version 4.1.1, 4.1.1.1, 4.2.0 and 4.2.1 Remediation/Fixes None. Workarounds and Mitigations Product |...
CVE-2018-5382
CVE-2018-5382 involves Bouncy Castle where the default BKS keystore uses an HMAC only 16 bits long, enabling brute-force attempts to compromise keystore integrity. Technical details from connected docs show that BC 1.47 updated the BKS format to use a 160-bit HMAC, addressing the issue for keysto...