Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000180 | 5 Bouncycastle, Debian, Netapp and 2 more | 21 Bc-java, Fips Java Api, Debian Linux and 18 more | 2025-05-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.
|
|||||
| CVE-2018-1000613 | 4 Bouncycastle, Netapp, Opensuse and 1 more | 24 Bc-java, Oncommand Workflow Automation, Leap and 21 more | 2025-05-12 | 7.5 HIGH | 9.8 CRITICAL |
|
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which ...
Show More |
|||||