Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2016-1000346

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be us...

4.3CVSS6.2AI score0.02284EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/09/08 12:0 a.m.14 views

FreeBSD : Mbed TLS -- Local side channel attack on RSA and static Diffie-Hellman (bcdeb6d2-f02d-11ea-838a-0011d823eebd)

Manuel Pegourie-Gonnard reports : An attacker with access to precise enough timing and memory access information typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world can recover the private keys used in RSA or static finite-field...

5.5AI score
Exploits0References2
Filippo.io
Filippo.io
added 2019/05/18 4:25 p.m.97 views

Using Ed25519 signing keys for encryption

@Benjojo12 and I are building an encryption tool that will also support SSH keys as recipients, because everyone effectively already publishes their SSH public keys on GitHub. For RSA keys, this is dangerous but straightforward: a PKCS1 v1.5 signing key is the same as an OAEP encryption key...

6.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2018/10/16 5:38 p.m.4 views

bouncycastle: Other party DH public keys are not fully validated

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are...

4.3CVSS7.3AI score0.02284EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2018/06/14 12:7 p.m.98 views

Security update for bouncycastle (moderate)

This update for bouncycastle to version 1.59 fixes the following issues: These security issues were fixed: - CVE-2017-13098: BouncyCastle, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite using...

4.3CVSS1.1AI score0.24282EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2018/06/04 9:0 p.m.29 views

CVE-2016-1000346

In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are...

4.3CVSS6.3AI score0.02284EPSS
Exploits0
Rows per page
Query Builder