24 matches found
EUVD-2018-0476
Malware in sbrugna...
EUVD-2018-0562
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2016-1000344
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for...
Security Bulletin: IBM Sterling File Gateway is vulnerable to multiple issues due to Bouncy Castle
Summary IBM Sterliing File Gateway has addressed multiple security vulnerabilities in Bouncy Castle. Vulnerability Details CVEID:CVE-2016-1000343 DESCRIPTION: Bouncy Castle JCE Provider could provide weaker than expected security, caused by a flaw in the DSA key pair generator. A remote attacker...
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...
In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...
MGASA-2018-0376 Updated bouncycastle packages fix security vulnerabilities
Updated bouncycastle packages fix security vulnerabilities: Ensure full validation of ASN.1 encoding of signature on verification. It was possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may have allowed the introduction of...
Debian DLA-1418-1 : bouncycastle security update
Several security vulnerabilities were found in Bouncy Castle, a Java implementation of cryptographic algorithms. CVE-2016-1000338 DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have...
Security update for bouncycastle (moderate)
This update for bouncycastle to version 1.59 fixes the following issues: These security issues were fixed: - CVE-2017-13098: BouncyCastle, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite using...
openSUSE Security Update : bouncycastle (openSUSE-2018-628)
This update for bouncycastle to version 1.59 fixes the following issues : These security issues were fixed : - CVE-2017-13098: BouncyCastle, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite usin...
Design/Logic Flaw
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...
CVE-2016-1000344
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...
CVE-2016-1000345
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...
Code injection
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding...
CVE-2016-1000344
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...
CVE-2016-1000344
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...
CVE-2016-1000345
CVE-2016-1000345 (padding oracle in Bouncy Castle JCE Provider DHIES/ECIES CBC) affects BC 1.55 and earlier; in environments with observable timings, decryption padding failures can be inferred via timing analyses. The IBM/BC-focused bulletin confirms this CVE among multiple BC-related issues and...
CVE-2016-1000344
CVE-2016-1000344 : The vulnerability stems from the DHIES implementation in the Bouncy Castle JCE Provider (versions 1.55 and earlier) allowing ECB mode. IBM security bulletins note this BC vulnerability affecting IBM Sterling products (e.g., Sterling File Gateway and Sterling B2B Integrator) and...
CVE-2016-1000344
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...
CVE-2016-1000344
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider...