415 matches found

OpenVAS
added 2015/12/29 12:00 a.m., 37 views

Mageia: Security Advisory (MGASA-2015-0487)

The remote host is missing an update for the...

CVSS: 5, AI score: 7.8, EPSS: 0.0482
Exploits: 0, References: 4
Tenable Nessus
added 2015/12/15 12:00 a.m., 36 views

Debian DSA-3417-1 : bouncycastle - security update

Tibor Jager, Jorg Schwenk, and Juraj Somorovsky, from Horst Gortz Institute for IT Security, published a paper in ESORICS 2015 where they describe an invalid curve attack in Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic Curve keys from...

CVSS: 5, AI score: 7.4, EPSS: 0.0482
Exploits: 0, References: 7
Debian
added 2015/12/14 12:51 p.m., 44 views

[SECURITY] [DSA 3417-1] bouncycastle security update

Debian Security Advisory DSA-3417-1, [email protected], https://www.debian.org/security/, Luciano Bello, December 14, 2015, https://www.debian.org/security/faq ...

CVSS: 5, AI score: 8.4, EPSS: 0.0482
Exploits: 0
OSV
added 2015/12/14 12:00 a.m., 22 views

DSA-3417-1 bouncycastle - security update

Bulletin has no description...

CVSS: 5, AI score: 6.3, EPSS: 0.0482
Exploits: 0
OpenVAS
added 2015/12/14 12:00 a.m., 31 views

Debian Security Advisory DSA 3417-1 (bouncycastle - security update)

Tibor Jager, Jorg Schwenk, and Juraj Somorovsky, from Horst Gortz Institute for IT Security, published a paper in ESORICS 2015 where they describe an invalid curve attack in Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic Curve keys from...

CVSS: 5, AI score: 7.6, EPSS: 0.0482
Exploits: 0, References: 1
Debian
added 2015/12/08 11:28 a.m., 56 views

[SECURITY] [DLA 361-1] bouncycastle security update

Package: bouncycastle; Version: 1.44+dfsg-2+deb6u1; CVE ID: CVE-2015-7940; Debian Bug: 802671. The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic...

CVSS: 5, AI score: 6.8, EPSS: 0.0482
Exploits: 0
seebug.org
added 2015/11/18 12:00 a.m., 174 views

Bouncy Castle Java library information disclosure vulnerability

No description provided by source...

AI score: 7.1
Exploits: 0
CISA
added 2015/11/13 12:00 a.m., 15 views

Apache Commons Collections Java Library Vulnerability

US-CERT is aware of a deserialization vulnerability in the Apache Commons Collections (ACC) Java library. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution. US-CERT encourages users and administrators to review...

AI score: 7.2
Exploits: 0, References: 1
CNVD
added 2015/11/13 12:00 a.m., 2 views

Bouncy Castle Java library Information Disclosure Vulnerability

Legion of the Bouncy Castle Java library is an open source lightweight password package for the Java platform from the Australian company Legion of the Bouncy Castle. An information disclosure vulnerability exists in versions of the Legion of the Bouncy Castle Java library prior to 1.51, which...

CVSS: 5, AI score: 8.6, EPSS: 0.0482
Exploits: 0, References: 1
CERT
added 2015/11/13 12:00 a.m., 419 views

Apache Commons Collections Java library insecurely deserializes data

Overview: The Apache Commons Collections (ACC) library is vulnerable to insecure deserialization of data, which may result in arbitrary code execution. Java applications that either directly use ACC, or contain ACC in their classpath, may be vulnerable to arbitrary code execution. Description: CWE-50...

CVSS: 9.8, AI score: 8.8, EPSS: 0.18763
Exploits: 1, References: 18
OSV
added 2015/11/09 4:59 p.m., 0 views

DEBIAN-CVE-2015-7940

The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."...

CVSS: 5, AI score: 9.1, EPSS: 0.0482
Exploits: 0, References: 1
NVD
added 2015/11/09 4:59 p.m., 16 views

CVE-2015-7940

The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."...

CVSS: 5, AI score: 9.2, EPSS: 0.0482
Exploits: 0, References: 21
OSV
added 2015/11/09 4:59 p.m., 6 views

CVE-2015-7940

The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."...

AI score: 6.2
Exploits: 0, References: 21
Prion
added 2015/11/09 4:59 p.m., 22 views

Information disclosure

The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."...

CVSS: 5, AI score: 6.8, EPSS: 0.0482
Exploits: 0, References: 21, Affected Software: 7
Cvelist
added 2015/11/09 4:00 p.m., 28 views

CVE-2015-7940

The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."...

AI score: 8.2, EPSS: 0.0482
Exploits: 0, References: 21
Debian CVE
added 2015/11/09 4:00 p.m., 42 views

CVE-2015-7940

The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."...

CVSS: 5, AI score: 7.5, EPSS: 0.0482
Exploits: 0
CVE
added 2015/11/09 4:00 p.m., 173 views

CVE-2015-7940

CVE-2015-7940 (Bouncy Castle Java) : The library before 1.51 does not validate that an EC point lies on the curve, enabling an invalid-curve attack to potentially recover private keys during ECDH. Remote attackers could exploit crafted ECDH exchanges. Affected: Bouncy Castle JS, BC versions prior...

CVSS: 5, AI score: 8, EPSS: 0.0482
Exploits: 0, References: 21, Affected Software: 2
UbuntuCve
added 2015/11/09 12:00 a.m., 31 views

CVE-2015-7940

The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."...

CVSS: 5, AI score: 6.9, EPSS: 0.0482
Exploits: 0, References: 3
Packet Storm
added 2015/11/02 12:00 a.m., 89 views

Milton Webdav 2.7.0.1 XXE Injection

Dear all, I've recently found a vulnerability in Milton Webdav 2.7.0.1 project page - http://milton.io/. Milton Webdav is a Java library for adding webdav capabilities to your applications. Milton Webdav supports PROPFIND, PROPPATCH and LOCK methods. These Webdav methods expect XML in request body...

CVSS: 6.4, AI score: 9.5, EPSS: 0.51488
Exploits: 7
n0where
added 2015/10/13 6:36 p.m., 14 views

PE Static Malware Analysis: PortEx

PortEx is a Java library for static malware analysis of portable executable files. Its focus is on PE malformation robustness and anomaly detection. PortEx is written in Java and Scala, and targeted at Java applications. Features Reading Header information from: MSDOS Header, COFF File Header,...

AI score: 6.9
Exploits: 0, References: 3