Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-1000613 (GCVE-0-2018-1000613)
Vulnerability from cvelistv5
- n/a
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T12:40:47.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "openSUSE-SU-2020:0607", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190204-0003/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2018-1000613", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-01-29T19:03:21.865602Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-14T20:37:00.531Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "dateAssigned": "2018-07-08T00:00:00", "datePublic": "2018-03-02T00:00:00", "descriptions": [ { "lang": "en", "value": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-14T17:20:03", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "openSUSE-SU-2020:0607", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190204-0003/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-07-08T15:52:41.190527", "DATE_REQUESTED": "2018-06-29T04:46:08", "ID": "CVE-2018-1000613", "REQUESTER": "dgh@bouncycastle.org", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2020:0607", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "refsource": "CONFIRM", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://security.netapp.com/advisory/ntap-20190204-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190204-0003/" }, { "name": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574", "refsource": "CONFIRM", "url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574" }, { "name": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc", "refsource": "CONFIRM", "url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000613", "datePublished": "2018-07-09T20:00:00", "dateReserved": "2018-06-29T00:00:00", "dateUpdated": "2024-11-14T20:37:00.531Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-1000613\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-07-09T20:29:00.283\",\"lastModified\":\"2025-05-12T17:37:16.527\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.\"},{\"lang\":\"es\",\"value\":\"Las API Legion of the Bouncy Castle Java Cryptography de Legion of the Bouncy Castle en versiones hasta 1.58 pero sin incluir la versi\u00f3n 1.60, contiene una debilidad CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027), vulnerabilidad en la deserializaci\u00f3n de la clave privada XMSS/XMSS^MT que puede resultar en desrealizar una clave privada XMSS/XMSS^MT puede resultar en la ejecuci\u00f3n de c\u00f3digo inesperado. Este ataque parece ser explotable por medio de una clave privada artesanal que puede incluir referencias a clases inesperadas que se recoger\u00e1n del class path para la aplicaci\u00f3n en ejecuci\u00f3n. Esta vulnerabilidad parece haber sido solucionada en la versi\u00f3n 1.60 y versiones posteriores.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-470\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.58\",\"versionEndExcluding\":\"1.60\",\"matchCriteriaId\":\"1D6A34DD-AD94-470C-8262-D7257902FB74\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5553591-073B-45E3-999F-21B8BA2EEE22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8972497F-6E24-45A9-9A18-EB0E842CB1D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"400509A8-D6F2-432C-A2F1-AD5B8778D0D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"132CE62A-FBFC-4001-81EC-35D81F73AF48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"013043A2-0765-4AF5-ABFC-6A8960FFBFD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B887E174-57AB-449D-AEE4-82DD1A3E5C84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E869C417-C0E6-4FC3-B406-45598A1D1906\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD9D7511-2934-4974-9C9E-3BE03B846734\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC967A48-D834-4E9B-8CEC-057E7D5B8174\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F920CDE4-DF29-4611-93E9-A386C89EDB62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0.0.1\",\"matchCriteriaId\":\"EC361999-AAD8-4CB3-B00E-E3990C3529B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_converged_application_server:7.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BDED89A-7C6F-41E9-A91F-9B09D401F85D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_convergence:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19E630B9-B5E5-442A-B75C-1E4771072A03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4534CF9-D9FD-4936-9D8C-077387028A05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D60384BD-284C-4A68-9EEF-0FAFDF0C21F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCA44E38-EB8C-4E2D-8611-B201F47520E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.2\",\"matchCriteriaId\":\"77120A3C-9A48-45FC-A620-5072AF325ACF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"726DB59B-00C7-444E-83F7-CB31032482AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9901F6BA-78D5-45B8-9409-07FF1C6DDD38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98F3E643-4B65-4668-BB11-C61ED54D5A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FEB8446-7EAC-4A8D-B6EE-3AAC2294C324\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7582B307-3899-4BBB-B868-BC912A4D0109\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F4E0F9A-D925-43FB-A1B7-452EEAE6BE2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96B35E9A-5557-4D77-AE53-816B3C481E02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69300B13-8C0F-4433-A6E8-B2CE32C4723D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9E13DD9-F456-4802-84AD-A2A1F12FE999\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEB446C9-1AC2-4D7D-83DE-08934DDFC8B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2E3E923-E2AD-400D-A618-26ADF7F841A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45CB30A1-B2C9-4BF5-B510-1F2F18B60C64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E416B-920B-49A0-9523-382898C2979D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78DE9DFD-BB57-4BCF-BF73-FFCFF62420D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F87FC90-16D0-4051-8280-B0DD4441F10B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0ED83E3-E6BF-4EAA-AF8F-33485A88A218\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF4C318C-5D1E-479B-9597-9FAD9E186111\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65994DC4-C9C0-48B0-88AB-E2958B4EB9E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE188B12-D28E-490C-9948-F5305A7D55BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51D7B9B6-B41A-4DEA-9946-59A84FAC57E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EB1CD1A-E760-4357-AF51-B38A852FA980\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"693C97B5-25B4-4DF3-A7D7-02C722A3DD88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7756147-7168-4E03-93EE-31379F6BE88E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6A4F71A-4269-40FC-8F61-1D1301F2B728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBFF04EF-B1C3-4601-878A-35EA6A15EF0C\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190204-0003/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190204-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}", "vulnrichment": { "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html\", \"name\": \"openSUSE-SU-2020:0607\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\", \"name\": \"[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190204-0003/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T12:40:47.584Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-1000613\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-29T19:03:21.865602Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-14T20:36:56.605Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2018-03-02T00:00:00\", \"references\": [{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html\", \"name\": \"openSUSE-SU-2020:0607\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\", \"name\": \"[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190204-0003/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"tags\": [\"x_refsource_MISC\"]}], \"dateAssigned\": \"2018-07-08T00:00:00\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2021-06-14T17:20:03\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html\", \"name\": \"openSUSE-SU-2020:0607\", \"refsource\": \"SUSE\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"name\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"name\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"name\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"name\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E\", \"name\": \"[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"name\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190204-0003/\", \"name\": \"https://security.netapp.com/advisory/ntap-20190204-0003/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574\", \"name\": \"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc\", \"name\": \"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"name\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-1000613\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\", \"REQUESTER\": \"dgh@bouncycastle.org\", \"DATE_ASSIGNED\": \"2018-07-08T15:52:41.190527\", \"DATE_REQUESTED\": \"2018-06-29T04:46:08\"}}}}", "cveMetadata": "{\"cveId\": \"CVE-2018-1000613\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-14T20:37:00.531Z\", \"dateReserved\": \"2018-06-29T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2018-07-09T20:00:00\", \"assignerShortName\": \"mitre\"}", "dataType": "CVE_RECORD", "dataVersion": "5.1" } } }
ghsa-4446-656p-f54g
Vulnerability from github
Legion of the Bouncy Castle Java Cryptography APIs starting in version 1.57 and prior to version 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application.
This vulnerability appears to have been fixed in 1.60 and later.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.bouncycastle:bcprov-jdk15on" }, "ranges": [ { "events": [ { "introduced": "1.57" }, { "fixed": "1.60" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2018-1000613" ], "database_specific": { "cwe_ids": [ "CWE-470", "CWE-502" ], "github_reviewed": true, "github_reviewed_at": "2020-06-16T20:57:10Z", "nvd_published_at": "2018-07-09T20:29:00Z", "severity": "CRITICAL" }, "details": "Legion of the Bouncy Castle Java Cryptography APIs starting in version 1.57 and prior to version 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. \n\nThis vulnerability appears to have been fixed in 1.60 and later.", "id": "GHSA-4446-656p-f54g", "modified": "2025-05-12T21:40:33Z", "published": "2018-10-17T16:23:12Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000613" }, { "type": "WEB", "url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574" }, { "type": "WEB", "url": "https://github.com/bcgit/bc-java/commit/cc9f91c41be67e88fca4e38f4872418448950fd9" }, { "type": "WEB", "url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-4446-656p-f54g" }, { "type": "PACKAGE", "url": "https://github.com/bcgit/bc-java" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20190204-0003" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "type": "WEB", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "type": "WEB", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "type": "WEB", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Deserialization of Untrusted Data in Bouncy castle" }
CVE-2018-1000613
Vulnerability from jvndb
Vendor | Product | |
---|---|---|
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-008573.html", "dc:date": "2018-11-20T18:15+09:00", "dcterms:issued": "2018-10-23T15:15+09:00", "dcterms:modified": "2018-11-20T18:15+09:00", "description": "Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor.", "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-008573.html", "sec:cpe": { "#text": "cpe:/a:hitachi:infrastructure_analytics_advisor", "@product": "Hitachi Infrastructure Analytics Advisor", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, "sec:cvss": [ { "@score": "7.5", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, { "@score": "9.8", "@severity": "Critical", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" } ], "sec:identifier": "JVNDB-2018-008573", "sec:references": [ { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000613", "@id": "CVE-2018-1000613", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000613", "@id": "CVE-2018-1000613", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-noinfo", "@title": "No Mapping(CWE-noinfo)" } ], "title": "Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor" }
CERTFR-2020-AVI-420
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneVendor | Product | Description | ||
---|---|---|---|---|
N/A | N/A | Junos Space et Junos Space Security Director versions antérieures à 20.1R1 | ||
Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO | ||
Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(*1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(*2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1 |
Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Junos Space et Junos Space Security Director versions ant\u00e9rieures \u00e0 20.1R1", "product": { "name": "N/A", "vendor": { "name": "N/A", "scada": false } } }, { "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO", "product": { "name": "Junos OS Evolved", "vendor": { "name": "Juniper Networks", "scada": false } } }, { "description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(*1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(*2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1", "product": { "name": "Junos OS", "vendor": { "name": "Juniper Networks", "scada": false } } } ], "affected_systems_content": null, "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2011-1167", "url": "https://www.cve.org/CVERecord?id=CVE-2011-1167" }, { "name": "CVE-2016-2324", "url": "https://www.cve.org/CVERecord?id=CVE-2016-2324" }, { "name": "CVE-2013-1960", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1960" }, { "name": "CVE-2012-4447", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4447" }, { "name": "CVE-2016-3991", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3991" }, { "name": "CVE-2016-1838", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1838" }, { "name": "CVE-2014-7826", "url": "https://www.cve.org/CVERecord?id=CVE-2014-7826" }, { "name": "CVE-2020-1648", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1648" }, { "name": "CVE-2016-3621", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3621" }, { "name": "CVE-2011-0192", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0192" }, { "name": "CVE-2016-1000341", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000341" }, { "name": "CVE-2016-6662", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6662" }, { "name": "CVE-2019-0169", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0169" }, { "name": "CVE-2019-11097", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11097" }, { "name": "CVE-2009-2347", "url": "https://www.cve.org/CVERecord?id=CVE-2009-2347" }, { "name": "CVE-2014-3634", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3634" }, { "name": "CVE-2016-1000343", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000343" }, { "name": "CVE-2015-1782", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1782" }, { "name": "CVE-2017-13098", "url": "https://www.cve.org/CVERecord?id=CVE-2017-13098" }, { "name": "CVE-2019-11132", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11132" }, { "name": "CVE-2014-7825", "url": "https://www.cve.org/CVERecord?id=CVE-2014-7825" }, { "name": "CVE-2016-6136", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6136" }, { "name": "CVE-2020-1646", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1646" }, { "name": "CVE-2019-11086", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11086" }, { "name": "CVE-2017-7895", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7895" }, { "name": "CVE-2012-1173", "url": "https://www.cve.org/CVERecord?id=CVE-2012-1173" }, { "name": "CVE-2012-2088", "url": "https://www.cve.org/CVERecord?id=CVE-2012-2088" }, { "name": "CVE-2014-9938", "url": "https://www.cve.org/CVERecord?id=CVE-2014-9938" }, { "name": "CVE-2015-1158", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1158" }, { "name": "CVE-2020-1651", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1651" }, { "name": "CVE-2010-2067", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2067" }, { "name": "CVE-2019-11106", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11106" }, { "name": "CVE-2016-1000346", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000346" }, { "name": "CVE-2016-3945", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3945" }, { "name": "CVE-2016-4447", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4447" }, { "name": "CVE-2016-4448", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4448" }, { "name": "CVE-2020-1645", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1645" }, { "name": "CVE-2016-1000345", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000345" }, { "name": "CVE-2020-1640", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1640" }, { "name": "CVE-2013-4244", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4244" }, { "name": "CVE-2016-3705", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3705" }, { "name": "CVE-2020-1643", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1643" }, { "name": "CVE-2018-16881", "url": "https://www.cve.org/CVERecord?id=CVE-2018-16881" }, { "name": "CVE-2015-7940", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7940" }, { "name": "CVE-2017-1000117", "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000117" }, { "name": "CVE-2012-5581", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5581" }, { "name": "CVE-2016-1000338", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000338" }, { "name": "CVE-2014-3690", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3690" }, { "name": "CVE-2018-1000613", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000613" }, { "name": "CVE-2017-12588", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12588" }, { "name": "CVE-2016-0787", "url": "https://www.cve.org/CVERecord?id=CVE-2016-0787" }, { "name": "CVE-2016-1834", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1834" }, { "name": "CVE-2016-9555", "url": "https://www.cve.org/CVERecord?id=CVE-2016-9555" }, { "name": "CVE-2013-1624", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1624" }, { "name": "CVE-2016-3990", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3990" }, { "name": "CVE-2019-0168", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0168" }, { "name": "CVE-2018-1000021", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000021" }, { "name": "CVE-2019-11103", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11103" }, { "name": "CVE-2014-9679", "url": "https://www.cve.org/CVERecord?id=CVE-2014-9679" }, { "name": "CVE-2020-1647", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1647" }, { "name": "CVE-2019-11107", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11107" }, { "name": "CVE-2020-1652", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1652" }, { "name": "CVE-2017-14867", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14867" }, { "name": "CVE-2009-5022", "url": "https://www.cve.org/CVERecord?id=CVE-2009-5022" }, { "name": "CVE-2016-1835", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1835" }, { "name": "CVE-2019-3856", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3856" }, { "name": "CVE-2020-1650", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1650" }, { "name": "CVE-2016-1000342", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000342" }, { "name": "CVE-2019-3863", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3863" }, { "name": "CVE-2016-1836", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1836" }, { "name": "CVE-2019-11110", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11110" }, { "name": "CVE-2013-0169", "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169" }, { "name": "CVE-2016-1000339", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000339" }, { "name": "CVE-2008-2327", "url": "https://www.cve.org/CVERecord?id=CVE-2008-2327" }, { "name": "CVE-2017-9935", "url": "https://www.cve.org/CVERecord?id=CVE-2017-9935" }, { "name": "CVE-2018-3639", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639" }, { "name": "CVE-2018-5382", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5382" }, { "name": "CVE-2014-9584", "url": "https://www.cve.org/CVERecord?id=CVE-2014-9584" }, { "name": "CVE-2019-11102", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11102" }, { "name": "CVE-2019-3862", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3862" }, { "name": "CVE-2019-11088", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11088" }, { "name": "CVE-2019-11105", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11105" }, { "name": "CVE-2016-5616", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5616" }, { "name": "CVE-2015-1421", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1421" }, { "name": "CVE-2014-9529", "url": "https://www.cve.org/CVERecord?id=CVE-2014-9529" }, { "name": "CVE-2020-1654", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1654" }, { "name": "CVE-2013-1961", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1961" }, { "name": "CVE-2015-7082", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7082" }, { "name": "CVE-2006-2193", "url": "https://www.cve.org/CVERecord?id=CVE-2006-2193" }, { "name": "CVE-2014-8171", "url": "https://www.cve.org/CVERecord?id=CVE-2014-8171" }, { "name": "CVE-2006-2656", "url": "https://www.cve.org/CVERecord?id=CVE-2006-2656" }, { "name": "CVE-2019-11101", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11101" }, { "name": "CVE-2016-1833", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1833" }, { "name": "CVE-2018-11233", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11233" }, { "name": "CVE-2013-4232", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4232" }, { "name": "CVE-2013-4243", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4243" }, { "name": "CVE-2016-3627", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3627" }, { "name": "CVE-2011-3200", "url": "https://www.cve.org/CVERecord?id=CVE-2011-3200" }, { "name": "CVE-2016-1840", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1840" }, { "name": "CVE-2017-15298", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15298" }, { "name": "CVE-2014-8884", "url": "https://www.cve.org/CVERecord?id=CVE-2014-8884" }, { "name": "CVE-2015-1159", "url": "https://www.cve.org/CVERecord?id=CVE-2015-1159" }, { "name": "CVE-2016-1762", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1762" }, { "name": "CVE-2019-11131", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11131" }, { "name": "CVE-2020-1641", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1641" }, { "name": "CVE-2019-11090", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11090" }, { "name": "CVE-2013-4758", "url": "https://www.cve.org/CVERecord?id=CVE-2013-4758" }, { "name": "CVE-2016-1837", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1837" }, { "name": "CVE-2019-0131", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0131" }, { "name": "CVE-2019-11109", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11109" }, { "name": "CVE-2016-5314", "url": "https://www.cve.org/CVERecord?id=CVE-2016-5314" }, { "name": "CVE-2016-1839", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1839" }, { "name": "CVE-2016-1000352", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000352" }, { "name": "CVE-2010-2065", "url": "https://www.cve.org/CVERecord?id=CVE-2010-2065" }, { "name": "CVE-2019-0166", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0166" }, { "name": "CVE-2010-1411", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1411" }, { "name": "CVE-2016-3632", "url": "https://www.cve.org/CVERecord?id=CVE-2016-3632" }, { "name": "CVE-2019-3855", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3855" }, { "name": "CVE-2015-7547", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7547" }, { "name": "CVE-2020-1649", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1649" }, { "name": "CVE-2019-3857", "url": "https://www.cve.org/CVERecord?id=CVE-2019-3857" }, { "name": "CVE-2012-4564", "url": "https://www.cve.org/CVERecord?id=CVE-2012-4564" }, { "name": "CVE-2012-2113", "url": "https://www.cve.org/CVERecord?id=CVE-2012-2113" }, { "name": "CVE-2019-11104", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11104" }, { "name": "CVE-2019-11087", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11087" }, { "name": "CVE-2016-1000344", "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000344" }, { "name": "CVE-2019-11108", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11108" }, { "name": "CVE-2014-3215", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3215" }, { "name": "CVE-2018-11235", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11235" }, { "name": "CVE-2016-6663", "url": "https://www.cve.org/CVERecord?id=CVE-2016-6663" }, { "name": "CVE-2018-19486", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19486" }, { "name": "CVE-2015-7545", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7545" }, { "name": "CVE-2016-4449", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4449" }, { "name": "CVE-2019-1551", "url": "https://www.cve.org/CVERecord?id=CVE-2019-1551" }, { "name": "CVE-2019-11100", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11100" }, { "name": "CVE-2018-5360", "url": "https://www.cve.org/CVERecord?id=CVE-2018-5360" }, { "name": "CVE-2018-1000180", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180" }, { "name": "CVE-2019-0165", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0165" }, { "name": "CVE-2020-1644", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1644" }, { "name": "CVE-2019-11147", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11147" }, { "name": "CVE-2012-3401", "url": "https://www.cve.org/CVERecord?id=CVE-2012-3401" }, { "name": "CVE-2019-0211", "url": "https://www.cve.org/CVERecord?id=CVE-2019-0211" }, { "name": "CVE-2014-3683", "url": "https://www.cve.org/CVERecord?id=CVE-2014-3683" } ], "initial_release_date": "2020-07-09T00:00:00", "last_revision_date": "2020-07-09T00:00:00", "links": [], "reference": "CERTFR-2020-AVI-420", "revisions": [ { "description": "Version initiale", "revision_date": "2020-07-09T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper", "vendor_advisories": [ { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11038 du 08 juillet 2020", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11038\u0026cat=SIRT_1\u0026actp=LIST" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11024 du 08 juillet 2020", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11024\u0026cat=SIRT_1\u0026actp=LIST" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11026 du 08 juillet 2020", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11026\u0026cat=SIRT_1\u0026actp=LIST" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11027 du 08 juillet 2020", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11027\u0026cat=SIRT_1\u0026actp=LIST" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11035 du 08 juillet 2020", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11035\u0026cat=SIRT_1\u0026actp=LIST" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11023 du 08 juillet 2020", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11023\u0026cat=SIRT_1\u0026actp=LIST" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11025 du 08 juillet 2020", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11025\u0026cat=SIRT_1\u0026actp=LIST" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11034 du 08 juillet 2020", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11034\u0026cat=SIRT_1\u0026actp=LIST" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11033 du 08 juillet 2020", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11033\u0026cat=SIRT_1\u0026actp=LIST" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11032 du 08 juillet 2020", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11032\u0026cat=SIRT_1\u0026actp=LIST" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11036 du 08 juillet 2020", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11036\u0026cat=SIRT_1\u0026actp=LIST" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11031 du 08 juillet 2020", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11031\u0026cat=SIRT_1\u0026actp=LIST" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11030 du 08 juillet 2020", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11030\u0026cat=SIRT_1\u0026actp=LIST" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11037 du 08 juillet 2020", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11037\u0026cat=SIRT_1\u0026actp=LIST" }, { "published_at": null, "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11028 du 08 juillet 2020", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11028\u0026cat=SIRT_1\u0026actp=LIST" } ] }
fkie_cve-2018-1000613
Vulnerability from fkie_nvd
URL | Tags | ||
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574 | Patch | |
cve@mitre.org | https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc | Patch | |
cve@mitre.org | https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E | Mailing List | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20190204-0003/ | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuApr2021.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuapr2020.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuoct2020.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190204-0003/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuApr2021.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2020.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2020.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory |
Vendor | Product | Version | |
---|---|---|---|
bouncycastle | bc-java | * | |
netapp | oncommand_workflow_automation | - | |
opensuse | leap | 15.1 | |
oracle | api_gateway | 11.1.2.4.0 | |
oracle | banking_platform | 2.6.0 | |
oracle | banking_platform | 2.6.1 | |
oracle | banking_platform | 2.6.2 | |
oracle | business_process_management_suite | 11.1.1.9.0 | |
oracle | business_process_management_suite | 12.1.3.0.0 | |
oracle | business_process_management_suite | 12.2.1.3.0 | |
oracle | business_transaction_management | 12.1.0 | |
oracle | communications_application_session_controller | 3.7.1 | |
oracle | communications_application_session_controller | 3.8.0 | |
oracle | communications_converged_application_server | * | |
oracle | communications_converged_application_server | 7.0.0.1 | |
oracle | communications_convergence | 3.0.2 | |
oracle | communications_diameter_signaling_router | 8.0.0 | |
oracle | communications_diameter_signaling_router | 8.1 | |
oracle | communications_diameter_signaling_router | 8.2 | |
oracle | communications_diameter_signaling_router | 8.2.1 | |
oracle | communications_webrtc_session_controller | * | |
oracle | communications_webrtc_session_controller | 7.2 | |
oracle | data_integrator | 12.2.1.3.0 | |
oracle | enterprise_manager_base_platform | 12.1.0.5.0 | |
oracle | enterprise_manager_base_platform | 13.2.0.0 | |
oracle | enterprise_manager_base_platform | 13.3.0.0 | |
oracle | enterprise_manager_for_fusion_middleware | 13.2.0.0 | |
oracle | enterprise_manager_for_fusion_middleware | 13.3.0.0 | |
oracle | enterprise_repository | 11.1.1.7.0 | |
oracle | enterprise_repository | 12.1.3.0.0 | |
oracle | managed_file_transfer | 12.1.3.0.0 | |
oracle | managed_file_transfer | 12.2.1.3.0 | |
oracle | peoplesoft_enterprise_peopletools | 8.55 | |
oracle | peoplesoft_enterprise_peopletools | 8.56 | |
oracle | peoplesoft_enterprise_peopletools | 8.57 | |
oracle | retail_convenience_and_fuel_pos_software | 2.8.1 | |
oracle | retail_xstore_point_of_service | 7.0 | |
oracle | retail_xstore_point_of_service | 7.1 | |
oracle | soa_suite | 12.1.3.0.0 | |
oracle | soa_suite | 12.2.1.3.0 | |
oracle | utilities_network_management_system | 1.12.0.3 | |
oracle | utilities_network_management_system | 2.3.0.0 | |
oracle | utilities_network_management_system | 2.3.0.1 | |
oracle | utilities_network_management_system | 2.3.0.2 | |
oracle | webcenter_portal | 11.1.1.9.0 | |
oracle | webcenter_portal | 12.2.1.3.0 | |
oracle | weblogic_server | 12.2.1.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D6A34DD-AD94-470C-8262-D7257902FB74", "versionEndExcluding": "1.60", "versionStartIncluding": "1.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "8972497F-6E24-45A9-9A18-EB0E842CB1D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "400509A8-D6F2-432C-A2F1-AD5B8778D0D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "013043A2-0765-4AF5-ABFC-6A8960FFBFD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B887E174-57AB-449D-AEE4-82DD1A3E5C84", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD9D7511-2934-4974-9C9E-3BE03B846734", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC967A48-D834-4E9B-8CEC-057E7D5B8174", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F920CDE4-DF29-4611-93E9-A386C89EDB62", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC361999-AAD8-4CB3-B00E-E3990C3529B4", "versionEndExcluding": "7.0.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_converged_application_server:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BDED89A-7C6F-41E9-A91F-9B09D401F85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "19E630B9-B5E5-442A-B75C-1E4771072A03", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCA44E38-EB8C-4E2D-8611-B201F47520E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "77120A3C-9A48-45FC-A620-5072AF325ACF", "versionEndExcluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "726DB59B-00C7-444E-83F7-CB31032482AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FEB8446-7EAC-4A8D-B6EE-3AAC2294C324", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6F4E0F9A-D925-43FB-A1B7-452EEAE6BE2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "96B35E9A-5557-4D77-AE53-816B3C481E02", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F9E13DD9-F456-4802-84AD-A2A1F12FE999", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEB446C9-1AC2-4D7D-83DE-08934DDFC8B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "78DE9DFD-BB57-4BCF-BF73-FFCFF62420D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F87FC90-16D0-4051-8280-B0DD4441F10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF4C318C-5D1E-479B-9597-9FAD9E186111", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "65994DC4-C9C0-48B0-88AB-E2958B4EB9E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EE188B12-D28E-490C-9948-F5305A7D55BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "51D7B9B6-B41A-4DEA-9946-59A84FAC57E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1EB1CD1A-E760-4357-AF51-B38A852FA980", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "693C97B5-25B4-4DF3-A7D7-02C722A3DD88", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7756147-7168-4E03-93EE-31379F6BE88E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CBFF04EF-B1C3-4601-878A-35EA6A15EF0C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later." }, { "lang": "es", "value": "Las API Legion of the Bouncy Castle Java Cryptography de Legion of the Bouncy Castle en versiones hasta 1.58 pero sin incluir la versi\u00f3n 1.60, contiene una debilidad CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027), vulnerabilidad en la deserializaci\u00f3n de la clave privada XMSS/XMSS^MT que puede resultar en desrealizar una clave privada XMSS/XMSS^MT puede resultar en la ejecuci\u00f3n de c\u00f3digo inesperado. Este ataque parece ser explotable por medio de una clave privada artesanal que puede incluir referencias a clases inesperadas que se recoger\u00e1n del class path para la aplicaci\u00f3n en ejecuci\u00f3n. Esta vulnerabilidad parece haber sido solucionada en la versi\u00f3n 1.60 y versiones posteriores." } ], "id": "CVE-2018-1000613", "lastModified": "2025-05-12T17:37:16.527", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-09T20:29:00.283", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190204-0003/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190204-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-470" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
opensuse-su-2024:10661-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "bouncycastle-1.68-3.2 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the bouncycastle-1.68-3.2 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-10661", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10661-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1000338 page", "url": "https://www.suse.com/security/cve/CVE-2016-1000338/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1000339 page", "url": "https://www.suse.com/security/cve/CVE-2016-1000339/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1000340 page", "url": "https://www.suse.com/security/cve/CVE-2016-1000340/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1000341 page", "url": "https://www.suse.com/security/cve/CVE-2016-1000341/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1000342 page", "url": "https://www.suse.com/security/cve/CVE-2016-1000342/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1000343 page", "url": "https://www.suse.com/security/cve/CVE-2016-1000343/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1000344 page", "url": "https://www.suse.com/security/cve/CVE-2016-1000344/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1000345 page", "url": "https://www.suse.com/security/cve/CVE-2016-1000345/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1000346 page", "url": "https://www.suse.com/security/cve/CVE-2016-1000346/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-1000352 page", "url": "https://www.suse.com/security/cve/CVE-2016-1000352/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-13098 page", "url": "https://www.suse.com/security/cve/CVE-2017-13098/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-1000180 page", "url": "https://www.suse.com/security/cve/CVE-2018-1000180/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-1000613 page", "url": "https://www.suse.com/security/cve/CVE-2018-1000613/" }, { "category": "self", "summary": "SUSE CVE CVE-2019-17359 page", "url": "https://www.suse.com/security/cve/CVE-2019-17359/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-15522 page", "url": "https://www.suse.com/security/cve/CVE-2020-15522/" }, { "category": "self", "summary": "SUSE CVE CVE-2020-28052 page", "url": "https://www.suse.com/security/cve/CVE-2020-28052/" } ], "title": "bouncycastle-1.68-3.2 on GA media", "tracking": { "current_release_date": "2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:10661-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "bouncycastle-1.68-3.2.aarch64", "product": { "name": "bouncycastle-1.68-3.2.aarch64", "product_id": "bouncycastle-1.68-3.2.aarch64" } }, { "category": "product_version", "name": "bouncycastle-javadoc-1.68-3.2.aarch64", "product": { "name": "bouncycastle-javadoc-1.68-3.2.aarch64", "product_id": "bouncycastle-javadoc-1.68-3.2.aarch64" } }, { "category": "product_version", "name": "bouncycastle-mail-1.68-3.2.aarch64", "product": { "name": "bouncycastle-mail-1.68-3.2.aarch64", "product_id": "bouncycastle-mail-1.68-3.2.aarch64" } }, { "category": "product_version", "name": "bouncycastle-pg-1.68-3.2.aarch64", "product": { "name": "bouncycastle-pg-1.68-3.2.aarch64", "product_id": "bouncycastle-pg-1.68-3.2.aarch64" } }, { "category": "product_version", "name": "bouncycastle-pkix-1.68-3.2.aarch64", "product": { "name": "bouncycastle-pkix-1.68-3.2.aarch64", "product_id": "bouncycastle-pkix-1.68-3.2.aarch64" } }, { "category": "product_version", "name": "bouncycastle-tls-1.68-3.2.aarch64", "product": { "name": "bouncycastle-tls-1.68-3.2.aarch64", "product_id": "bouncycastle-tls-1.68-3.2.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "bouncycastle-1.68-3.2.ppc64le", "product": { "name": "bouncycastle-1.68-3.2.ppc64le", "product_id": "bouncycastle-1.68-3.2.ppc64le" } }, { "category": "product_version", "name": "bouncycastle-javadoc-1.68-3.2.ppc64le", "product": { "name": "bouncycastle-javadoc-1.68-3.2.ppc64le", "product_id": "bouncycastle-javadoc-1.68-3.2.ppc64le" } }, { "category": "product_version", "name": "bouncycastle-mail-1.68-3.2.ppc64le", "product": { "name": "bouncycastle-mail-1.68-3.2.ppc64le", "product_id": "bouncycastle-mail-1.68-3.2.ppc64le" } }, { "category": "product_version", "name": "bouncycastle-pg-1.68-3.2.ppc64le", "product": { "name": "bouncycastle-pg-1.68-3.2.ppc64le", "product_id": "bouncycastle-pg-1.68-3.2.ppc64le" } }, { "category": "product_version", "name": "bouncycastle-pkix-1.68-3.2.ppc64le", "product": { "name": "bouncycastle-pkix-1.68-3.2.ppc64le", "product_id": "bouncycastle-pkix-1.68-3.2.ppc64le" } }, { "category": "product_version", "name": "bouncycastle-tls-1.68-3.2.ppc64le", "product": { "name": "bouncycastle-tls-1.68-3.2.ppc64le", "product_id": "bouncycastle-tls-1.68-3.2.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "bouncycastle-1.68-3.2.s390x", "product": { "name": "bouncycastle-1.68-3.2.s390x", "product_id": "bouncycastle-1.68-3.2.s390x" } }, { "category": "product_version", "name": "bouncycastle-javadoc-1.68-3.2.s390x", "product": { "name": "bouncycastle-javadoc-1.68-3.2.s390x", "product_id": "bouncycastle-javadoc-1.68-3.2.s390x" } }, { "category": "product_version", "name": "bouncycastle-mail-1.68-3.2.s390x", "product": { "name": "bouncycastle-mail-1.68-3.2.s390x", "product_id": "bouncycastle-mail-1.68-3.2.s390x" } }, { "category": "product_version", "name": "bouncycastle-pg-1.68-3.2.s390x", "product": { "name": "bouncycastle-pg-1.68-3.2.s390x", "product_id": "bouncycastle-pg-1.68-3.2.s390x" } }, { "category": "product_version", "name": "bouncycastle-pkix-1.68-3.2.s390x", "product": { "name": "bouncycastle-pkix-1.68-3.2.s390x", "product_id": "bouncycastle-pkix-1.68-3.2.s390x" } }, { "category": "product_version", "name": "bouncycastle-tls-1.68-3.2.s390x", "product": { "name": "bouncycastle-tls-1.68-3.2.s390x", "product_id": "bouncycastle-tls-1.68-3.2.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "bouncycastle-1.68-3.2.x86_64", "product": { "name": "bouncycastle-1.68-3.2.x86_64", "product_id": "bouncycastle-1.68-3.2.x86_64" } }, { "category": "product_version", "name": "bouncycastle-javadoc-1.68-3.2.x86_64", "product": { "name": "bouncycastle-javadoc-1.68-3.2.x86_64", "product_id": "bouncycastle-javadoc-1.68-3.2.x86_64" } }, { "category": "product_version", "name": "bouncycastle-mail-1.68-3.2.x86_64", "product": { "name": "bouncycastle-mail-1.68-3.2.x86_64", "product_id": "bouncycastle-mail-1.68-3.2.x86_64" } }, { "category": "product_version", "name": "bouncycastle-pg-1.68-3.2.x86_64", "product": { "name": "bouncycastle-pg-1.68-3.2.x86_64", "product_id": "bouncycastle-pg-1.68-3.2.x86_64" } }, { "category": "product_version", "name": "bouncycastle-pkix-1.68-3.2.x86_64", "product": { "name": "bouncycastle-pkix-1.68-3.2.x86_64", "product_id": "bouncycastle-pkix-1.68-3.2.x86_64" } }, { "category": "product_version", "name": "bouncycastle-tls-1.68-3.2.x86_64", "product": { "name": "bouncycastle-tls-1.68-3.2.x86_64", "product_id": "bouncycastle-tls-1.68-3.2.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-1.68-3.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64" }, "product_reference": "bouncycastle-1.68-3.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-1.68-3.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le" }, "product_reference": "bouncycastle-1.68-3.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-1.68-3.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x" }, "product_reference": "bouncycastle-1.68-3.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-1.68-3.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64" }, "product_reference": "bouncycastle-1.68-3.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-javadoc-1.68-3.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64" }, "product_reference": "bouncycastle-javadoc-1.68-3.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-javadoc-1.68-3.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le" }, "product_reference": "bouncycastle-javadoc-1.68-3.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-javadoc-1.68-3.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x" }, "product_reference": "bouncycastle-javadoc-1.68-3.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-javadoc-1.68-3.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64" }, "product_reference": "bouncycastle-javadoc-1.68-3.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-mail-1.68-3.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64" }, "product_reference": "bouncycastle-mail-1.68-3.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-mail-1.68-3.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le" }, "product_reference": "bouncycastle-mail-1.68-3.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-mail-1.68-3.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x" }, "product_reference": "bouncycastle-mail-1.68-3.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-mail-1.68-3.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64" }, "product_reference": "bouncycastle-mail-1.68-3.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-pg-1.68-3.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64" }, "product_reference": "bouncycastle-pg-1.68-3.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-pg-1.68-3.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le" }, "product_reference": "bouncycastle-pg-1.68-3.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-pg-1.68-3.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x" }, "product_reference": "bouncycastle-pg-1.68-3.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-pg-1.68-3.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64" }, "product_reference": "bouncycastle-pg-1.68-3.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-pkix-1.68-3.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64" }, "product_reference": "bouncycastle-pkix-1.68-3.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-pkix-1.68-3.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le" }, "product_reference": "bouncycastle-pkix-1.68-3.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-pkix-1.68-3.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x" }, "product_reference": "bouncycastle-pkix-1.68-3.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-pkix-1.68-3.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64" }, "product_reference": "bouncycastle-pkix-1.68-3.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-tls-1.68-3.2.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64" }, "product_reference": "bouncycastle-tls-1.68-3.2.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-tls-1.68-3.2.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le" }, "product_reference": "bouncycastle-tls-1.68-3.2.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-tls-1.68-3.2.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x" }, "product_reference": "bouncycastle-tls-1.68-3.2.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-tls-1.68-3.2.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" }, "product_reference": "bouncycastle-tls-1.68-3.2.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-1000338", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1000338" } ], "notes": [ { "category": "general", "text": "In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of \u0027invisible\u0027 data into a signed structure.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1000338", "url": "https://www.suse.com/security/cve/CVE-2016-1000338" }, { "category": "external", "summary": "SUSE Bug 1095722 for CVE-2016-1000338", "url": "https://bugzilla.suse.com/1095722" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2016-1000338" }, { "cve": "CVE-2016-1000339", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1000339" } ], "notes": [ { "category": "general", "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1000339", "url": "https://www.suse.com/security/cve/CVE-2016-1000339" }, { "category": "external", "summary": "SUSE Bug 1095853 for CVE-2016-1000339", "url": "https://bugzilla.suse.com/1095853" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-1000339" }, { "cve": "CVE-2016-1000340", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1000340" } ], "notes": [ { "category": "general", "text": "In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1000340", "url": "https://www.suse.com/security/cve/CVE-2016-1000340" }, { "category": "external", "summary": "SUSE Bug 1095854 for CVE-2016-1000340", "url": "https://bugzilla.suse.com/1095854" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-1000340" }, { "cve": "CVE-2016-1000341", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1000341" } ], "notes": [ { "category": "general", "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature\u0027s k value and ultimately the private value as well.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1000341", "url": "https://www.suse.com/security/cve/CVE-2016-1000341" }, { "category": "external", "summary": "SUSE Bug 1095852 for CVE-2016-1000341", "url": "https://bugzilla.suse.com/1095852" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-1000341" }, { "cve": "CVE-2016-1000342", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1000342" } ], "notes": [ { "category": "general", "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of \u0027invisible\u0027 data into a signed structure.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1000342", "url": "https://www.suse.com/security/cve/CVE-2016-1000342" }, { "category": "external", "summary": "SUSE Bug 1095850 for CVE-2016-1000342", "url": "https://bugzilla.suse.com/1095850" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-1000342" }, { "cve": "CVE-2016-1000343", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1000343" } ], "notes": [ { "category": "general", "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1000343", "url": "https://www.suse.com/security/cve/CVE-2016-1000343" }, { "category": "external", "summary": "SUSE Bug 1095849 for CVE-2016-1000343", "url": "https://bugzilla.suse.com/1095849" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-1000343" }, { "cve": "CVE-2016-1000344", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1000344" } ], "notes": [ { "category": "general", "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1000344", "url": "https://www.suse.com/security/cve/CVE-2016-1000344" }, { "category": "external", "summary": "SUSE Bug 1096026 for CVE-2016-1000344", "url": "https://bugzilla.suse.com/1096026" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-1000344" }, { "cve": "CVE-2016-1000345", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1000345" } ], "notes": [ { "category": "general", "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1000345", "url": "https://www.suse.com/security/cve/CVE-2016-1000345" }, { "category": "external", "summary": "SUSE Bug 1096025 for CVE-2016-1000345", "url": "https://bugzilla.suse.com/1096025" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-1000345" }, { "cve": "CVE-2016-1000346", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1000346" } ], "notes": [ { "category": "general", "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party\u0027s private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1000346", "url": "https://www.suse.com/security/cve/CVE-2016-1000346" }, { "category": "external", "summary": "SUSE Bug 1096024 for CVE-2016-1000346", "url": "https://bugzilla.suse.com/1096024" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.7, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-1000346" }, { "cve": "CVE-2016-1000352", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-1000352" } ], "notes": [ { "category": "general", "text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-1000352", "url": "https://www.suse.com/security/cve/CVE-2016-1000352" }, { "category": "external", "summary": "SUSE Bug 1096022 for CVE-2016-1000352", "url": "https://bugzilla.suse.com/1096022" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-1000352" }, { "cve": "CVE-2017-13098", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-13098" } ], "notes": [ { "category": "general", "text": "BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as \"ROBOT.\"", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-13098", "url": "https://www.suse.com/security/cve/CVE-2017-13098" }, { "category": "external", "summary": "SUSE Bug 1072697 for CVE-2017-13098", "url": "https://bugzilla.suse.com/1072697" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2017-13098" }, { "cve": "CVE-2018-1000180", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-1000180" } ], "notes": [ { "category": "general", "text": "Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-1000180", "url": "https://www.suse.com/security/cve/CVE-2018-1000180" }, { "category": "external", "summary": "SUSE Bug 1096291 for CVE-2018-1000180", "url": "https://bugzilla.suse.com/1096291" }, { "category": "external", "summary": "SUSE Bug 1153385 for CVE-2018-1000180", "url": "https://bugzilla.suse.com/1153385" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2018-1000180" }, { "cve": "CVE-2018-1000613", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-1000613" } ], "notes": [ { "category": "general", "text": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-1000613", "url": "https://www.suse.com/security/cve/CVE-2018-1000613" }, { "category": "external", "summary": "SUSE Bug 1096291 for CVE-2018-1000613", "url": "https://bugzilla.suse.com/1096291" }, { "category": "external", "summary": "SUSE Bug 1100694 for CVE-2018-1000613", "url": "https://bugzilla.suse.com/1100694" }, { "category": "external", "summary": "SUSE Bug 1153385 for CVE-2018-1000613", "url": "https://bugzilla.suse.com/1153385" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2018-1000613" }, { "cve": "CVE-2019-17359", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2019-17359" } ], "notes": [ { "category": "general", "text": "The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2019-17359", "url": "https://www.suse.com/security/cve/CVE-2019-17359" }, { "category": "external", "summary": "SUSE Bug 1153385 for CVE-2019-17359", "url": "https://bugzilla.suse.com/1153385" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2019-17359" }, { "cve": "CVE-2020-15522", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-15522" } ], "notes": [ { "category": "general", "text": "Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-15522", "url": "https://www.suse.com/security/cve/CVE-2020-15522" }, { "category": "external", "summary": "SUSE Bug 1186328 for CVE-2020-15522", "url": "https://bugzilla.suse.com/1186328" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2020-15522" }, { "cve": "CVE-2020-28052", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2020-28052" } ], "notes": [ { "category": "general", "text": "An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2020-28052", "url": "https://www.suse.com/security/cve/CVE-2020-28052" }, { "category": "external", "summary": "SUSE Bug 1180215 for CVE-2020-28052", "url": "https://bugzilla.suse.com/1180215" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x", "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2020-28052" } ] }
opensuse-su-2020:0607-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for bouncycastle", "title": "Title of the patch" }, { "category": "description", "text": "This update for bouncycastle fixes the following issues:\n\nVersion update to 1.60:\n\n* CVE-2018-1000613: Use of Externally-ControlledInput to Select Classes or Code (boo#1100694)\n\n* Release notes:\n http://www.bouncycastle.org/releasenotes.html\n\nVersion update to 1.59: \n\n* CVE-2017-13098: Fix against Bleichenbacher oracle when not\n using the lightweight APIs (boo#1072697).\n* Release notes:\n http://www.bouncycastle.org/releasenotes.html\n\n", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-2020-607", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0607-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2020:0607-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SJ5CQDJZHIR5UUASDLGQDV3YILWDOSU3/" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2020:0607-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SJ5CQDJZHIR5UUASDLGQDV3YILWDOSU3/" }, { "category": "self", "summary": "SUSE Bug 1072697", "url": "https://bugzilla.suse.com/1072697" }, { "category": "self", "summary": "SUSE Bug 1100694", "url": "https://bugzilla.suse.com/1100694" }, { "category": "self", "summary": "SUSE CVE CVE-2017-13098 page", "url": "https://www.suse.com/security/cve/CVE-2017-13098/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-1000613 page", "url": "https://www.suse.com/security/cve/CVE-2018-1000613/" } ], "title": "Security update for bouncycastle", "tracking": { "current_release_date": "2020-05-03T16:19:33Z", "generator": { "date": "2020-05-03T16:19:33Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2020:0607-1", "initial_release_date": "2020-05-03T16:19:33Z", "revision_history": [ { "date": "2020-05-03T16:19:33Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "bouncycastle-1.60-lp151.3.3.1.noarch", "product": { "name": "bouncycastle-1.60-lp151.3.3.1.noarch", "product_id": "bouncycastle-1.60-lp151.3.3.1.noarch" } }, { "category": "product_version", "name": "bouncycastle-javadoc-1.60-lp151.3.3.1.noarch", "product": { "name": "bouncycastle-javadoc-1.60-lp151.3.3.1.noarch", "product_id": "bouncycastle-javadoc-1.60-lp151.3.3.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_name", "name": "openSUSE Leap 15.1", "product": { "name": "openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.1" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-1.60-lp151.3.3.1.noarch as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:bouncycastle-1.60-lp151.3.3.1.noarch" }, "product_reference": "bouncycastle-1.60-lp151.3.3.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.1" }, { "category": "default_component_of", "full_product_name": { "name": "bouncycastle-javadoc-1.60-lp151.3.3.1.noarch as component of openSUSE Leap 15.1", "product_id": "openSUSE Leap 15.1:bouncycastle-javadoc-1.60-lp151.3.3.1.noarch" }, "product_reference": "bouncycastle-javadoc-1.60-lp151.3.3.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-13098", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-13098" } ], "notes": [ { "category": "general", "text": "BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as \"ROBOT.\"", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.1:bouncycastle-1.60-lp151.3.3.1.noarch", "openSUSE Leap 15.1:bouncycastle-javadoc-1.60-lp151.3.3.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2017-13098", "url": "https://www.suse.com/security/cve/CVE-2017-13098" }, { "category": "external", "summary": "SUSE Bug 1072697 for CVE-2017-13098", "url": "https://bugzilla.suse.com/1072697" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.1:bouncycastle-1.60-lp151.3.3.1.noarch", "openSUSE Leap 15.1:bouncycastle-javadoc-1.60-lp151.3.3.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "openSUSE Leap 15.1:bouncycastle-1.60-lp151.3.3.1.noarch", "openSUSE Leap 15.1:bouncycastle-javadoc-1.60-lp151.3.3.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2020-05-03T16:19:33Z", "details": "low" } ], "title": "CVE-2017-13098" }, { "cve": "CVE-2018-1000613", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-1000613" } ], "notes": [ { "category": "general", "text": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Leap 15.1:bouncycastle-1.60-lp151.3.3.1.noarch", "openSUSE Leap 15.1:bouncycastle-javadoc-1.60-lp151.3.3.1.noarch" ] }, "references": [ { "category": "external", "summary": "CVE-2018-1000613", "url": "https://www.suse.com/security/cve/CVE-2018-1000613" }, { "category": "external", "summary": "SUSE Bug 1096291 for CVE-2018-1000613", "url": "https://bugzilla.suse.com/1096291" }, { "category": "external", "summary": "SUSE Bug 1100694 for CVE-2018-1000613", "url": "https://bugzilla.suse.com/1100694" }, { "category": "external", "summary": "SUSE Bug 1153385 for CVE-2018-1000613", "url": "https://bugzilla.suse.com/1153385" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Leap 15.1:bouncycastle-1.60-lp151.3.3.1.noarch", "openSUSE Leap 15.1:bouncycastle-javadoc-1.60-lp151.3.3.1.noarch" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "openSUSE Leap 15.1:bouncycastle-1.60-lp151.3.3.1.noarch", "openSUSE Leap 15.1:bouncycastle-javadoc-1.60-lp151.3.3.1.noarch" ] } ], "threats": [ { "category": "impact", "date": "2020-05-03T16:19:33Z", "details": "moderate" } ], "title": "CVE-2018-1000613" } ] }
wid-sec-w-2024-1682
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle Retail Allocation ist ein Verwaltungswerkzeug.\r\nOracle MICROS bietet eine Reihe von Software, Hardware und Dienstleistungen zusammen mit schnell wachsenden Cloud L\u00f6sungen f\u00fcr Abrechnung und Verwaltung in Unternehmen des Hotel- und Gastst\u00e4ttengewerbes, Reiseveranstalter und Veranstaltern von Kreuzfahrten sowie in Unternehmen der Freizeit- und Unterhaltungsbranche.\r\nOracle Invoice Matching ist ein Tool zum Verwalten von Lieferantenrechnungen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um dadurch die Integrit\u00e4t, Vertraulichkeit und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-1682 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2024-1682.json" }, { "category": "self", "summary": "WID-SEC-2024-1682 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1682" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - April 2019 vom 2019-04-16", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixRAPP" }, { "category": "external", "summary": "NetApp Security Advisory NTAP-20240719-0002 vom 2024-07-19", "url": "https://security.netapp.com/advisory/ntap-20240719-0002/" } ], "source_lang": "en-US", "title": "Oracle Retail Applications: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-07-21T22:00:00.000+00:00", "generator": { "date": "2024-08-15T18:11:37.885+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2024-1682", "initial_release_date": "2019-04-16T22:00:00.000+00:00", "revision_history": [ { "date": "2019-04-16T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-07-21T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von NetApp aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "NetApp ActiveIQ Unified Manager", "product": { "name": "NetApp ActiveIQ Unified Manager", "product_id": "T034125", "product_identification_helper": { "cpe": "cpe:/a:netapp:active_iq_unified_manager:-" } } } ], "category": "vendor", "name": "NetApp" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "15.0.2", "product": { "name": "Oracle Retail Allocation 15.0.2", "product_id": "T014004", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_allocation:15.0.2" } } } ], "category": "product_name", "name": "Retail Allocation" }, { "branches": [ { "category": "product_version", "name": "12", "product": { "name": "Oracle Retail Invoice Matching 12.0", "product_id": "T001982", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_invoice_matching:12.0" } } }, { "category": "product_version", "name": "13", "product": { "name": "Oracle Retail Invoice Matching 13.0", "product_id": "T001985", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_invoice_matching:13.0" } } }, { "category": "product_version", "name": "13.2", "product": { "name": "Oracle Retail Invoice Matching 13.2", "product_id": "T001987", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_invoice_matching:13.2" } } }, { "category": "product_version", "name": "14", "product": { "name": "Oracle Retail Invoice Matching 14.0", "product_id": "T004005", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_invoice_matching:14.0" } } }, { "category": "product_version", "name": "13.1", "product": { "name": "Oracle Retail Invoice Matching 13.1", "product_id": "T004011", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_invoice_matching:13.1" } } }, { "category": "product_version", "name": "15", "product": { "name": "Oracle Retail Invoice Matching 15.0", "product_id": "T012089", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_invoice_matching:15.0" } } }, { "category": "product_version", "name": "14.1", "product": { "name": "Oracle Retail Invoice Matching 14.1", "product_id": "T014012", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_invoice_matching:14.1" } } } ], "category": "product_name", "name": "Retail Invoice Matching" }, { "branches": [ { "category": "product_version", "name": "2.9.5.6", "product": { "name": "Oracle Retail MICROS 2.9.5.6", "product_id": "T014005", "product_identification_helper": { "cpe": "cpe:/a:oracle:micros:2.9.5.6" } } }, { "category": "product_version", "name": "2.9.5.7", "product": { "name": "Oracle Retail MICROS 2.9.5.7", "product_id": "T014006", "product_identification_helper": { "cpe": "cpe:/a:oracle:micros:2.9.5.7" } } }, { "category": "product_version", "name": "11.4", "product": { "name": "Oracle Retail MICROS 11.4", "product_id": "T014007", "product_identification_helper": { "cpe": "cpe:/a:oracle:micros:11.4" } } }, { "category": "product_version", "name": "12.1.2", "product": { "name": "Oracle Retail MICROS 12.1.2", "product_id": "T014008", "product_identification_helper": { "cpe": "cpe:/a:oracle:micros:12.1.2" } } } ], "category": "product_name", "name": "Retail MICROS" }, { "branches": [ { "category": "product_version", "name": "1.60.9.0.0", "product": { "name": "Oracle Retail Workforce Management 1.60.9.0.0", "product_id": "T014013", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_workforce_management:1.60.9.0.0" } } } ], "category": "product_name", "name": "Retail Workforce Management" }, { "branches": [ { "category": "product_version", "name": "7", "product": { "name": "Oracle Retail Xstore Point of Service 7.0", "product_id": "T012096", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_point-of-service:7.0" } } }, { "category": "product_version", "name": "7.1", "product": { "name": "Oracle Retail Xstore Point of Service 7.1", "product_id": "T012099", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_point-of-service:7.1" } } } ], "category": "product_name", "name": "Retail Xstore Point of Service" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2014-9515", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2014-9515" }, { "cve": "CVE-2015-9251", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2015-9251" }, { "cve": "CVE-2016-1000031", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2016-1000031" }, { "cve": "CVE-2017-5533", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2017-5533" }, { "cve": "CVE-2018-1000180", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-1000180" }, { "cve": "CVE-2018-1000613", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-1000613" }, { "cve": "CVE-2018-11763", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-11763" }, { "cve": "CVE-2018-11784", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-11784" }, { "cve": "CVE-2018-12022", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-12022" }, { "cve": "CVE-2018-12023", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-12023" }, { "cve": "CVE-2018-1304", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-1304" }, { "cve": "CVE-2018-1305", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-1305" }, { "cve": "CVE-2018-14718", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-14718" }, { "cve": "CVE-2018-14719", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-14719" }, { "cve": "CVE-2018-14720", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-14720" }, { "cve": "CVE-2018-14721", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-14721" }, { "cve": "CVE-2018-15756", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-15756" }, { "cve": "CVE-2018-19360", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-19360" }, { "cve": "CVE-2018-19361", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-19361" }, { "cve": "CVE-2018-19362", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-19362" }, { "cve": "CVE-2018-2880", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-2880" }, { "cve": "CVE-2018-3120", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-3120" }, { "cve": "CVE-2018-3312", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-3312" }, { "cve": "CVE-2018-3314", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-3314" }, { "cve": "CVE-2018-7489", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-7489" }, { "cve": "CVE-2018-8034", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-8034" }, { "cve": "CVE-2019-2424", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2019-2424" }, { "cve": "CVE-2019-2558", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2019-2558" }, { "cve": "CVE-2019-3772", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2019-3772" } ] }
WID-SEC-W-2024-1682
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Oracle Retail Allocation ist ein Verwaltungswerkzeug.\r\nOracle MICROS bietet eine Reihe von Software, Hardware und Dienstleistungen zusammen mit schnell wachsenden Cloud L\u00f6sungen f\u00fcr Abrechnung und Verwaltung in Unternehmen des Hotel- und Gastst\u00e4ttengewerbes, Reiseveranstalter und Veranstaltern von Kreuzfahrten sowie in Unternehmen der Freizeit- und Unterhaltungsbranche.\r\nOracle Invoice Matching ist ein Tool zum Verwalten von Lieferantenrechnungen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Oracle Retail Applications ausnutzen, um dadurch die Integrit\u00e4t, Vertraulichkeit und Verf\u00fcgbarkeit zu gef\u00e4hrden.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-1682 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2024-1682.json" }, { "category": "self", "summary": "WID-SEC-2024-1682 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1682" }, { "category": "external", "summary": "Oracle Critical Patch Update Advisory - April 2019 vom 2019-04-16", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixRAPP" }, { "category": "external", "summary": "NetApp Security Advisory NTAP-20240719-0002 vom 2024-07-19", "url": "https://security.netapp.com/advisory/ntap-20240719-0002/" } ], "source_lang": "en-US", "title": "Oracle Retail Applications: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-07-21T22:00:00.000+00:00", "generator": { "date": "2024-08-15T18:11:37.885+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2024-1682", "initial_release_date": "2019-04-16T22:00:00.000+00:00", "revision_history": [ { "date": "2019-04-16T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-07-21T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von NetApp aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "NetApp ActiveIQ Unified Manager", "product": { "name": "NetApp ActiveIQ Unified Manager", "product_id": "T034125", "product_identification_helper": { "cpe": "cpe:/a:netapp:active_iq_unified_manager:-" } } } ], "category": "vendor", "name": "NetApp" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "15.0.2", "product": { "name": "Oracle Retail Allocation 15.0.2", "product_id": "T014004", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_allocation:15.0.2" } } } ], "category": "product_name", "name": "Retail Allocation" }, { "branches": [ { "category": "product_version", "name": "12", "product": { "name": "Oracle Retail Invoice Matching 12.0", "product_id": "T001982", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_invoice_matching:12.0" } } }, { "category": "product_version", "name": "13", "product": { "name": "Oracle Retail Invoice Matching 13.0", "product_id": "T001985", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_invoice_matching:13.0" } } }, { "category": "product_version", "name": "13.2", "product": { "name": "Oracle Retail Invoice Matching 13.2", "product_id": "T001987", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_invoice_matching:13.2" } } }, { "category": "product_version", "name": "14", "product": { "name": "Oracle Retail Invoice Matching 14.0", "product_id": "T004005", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_invoice_matching:14.0" } } }, { "category": "product_version", "name": "13.1", "product": { "name": "Oracle Retail Invoice Matching 13.1", "product_id": "T004011", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_invoice_matching:13.1" } } }, { "category": "product_version", "name": "15", "product": { "name": "Oracle Retail Invoice Matching 15.0", "product_id": "T012089", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_invoice_matching:15.0" } } }, { "category": "product_version", "name": "14.1", "product": { "name": "Oracle Retail Invoice Matching 14.1", "product_id": "T014012", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_invoice_matching:14.1" } } } ], "category": "product_name", "name": "Retail Invoice Matching" }, { "branches": [ { "category": "product_version", "name": "2.9.5.6", "product": { "name": "Oracle Retail MICROS 2.9.5.6", "product_id": "T014005", "product_identification_helper": { "cpe": "cpe:/a:oracle:micros:2.9.5.6" } } }, { "category": "product_version", "name": "2.9.5.7", "product": { "name": "Oracle Retail MICROS 2.9.5.7", "product_id": "T014006", "product_identification_helper": { "cpe": "cpe:/a:oracle:micros:2.9.5.7" } } }, { "category": "product_version", "name": "11.4", "product": { "name": "Oracle Retail MICROS 11.4", "product_id": "T014007", "product_identification_helper": { "cpe": "cpe:/a:oracle:micros:11.4" } } }, { "category": "product_version", "name": "12.1.2", "product": { "name": "Oracle Retail MICROS 12.1.2", "product_id": "T014008", "product_identification_helper": { "cpe": "cpe:/a:oracle:micros:12.1.2" } } } ], "category": "product_name", "name": "Retail MICROS" }, { "branches": [ { "category": "product_version", "name": "1.60.9.0.0", "product": { "name": "Oracle Retail Workforce Management 1.60.9.0.0", "product_id": "T014013", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_workforce_management:1.60.9.0.0" } } } ], "category": "product_name", "name": "Retail Workforce Management" }, { "branches": [ { "category": "product_version", "name": "7", "product": { "name": "Oracle Retail Xstore Point of Service 7.0", "product_id": "T012096", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_point-of-service:7.0" } } }, { "category": "product_version", "name": "7.1", "product": { "name": "Oracle Retail Xstore Point of Service 7.1", "product_id": "T012099", "product_identification_helper": { "cpe": "cpe:/a:oracle:retail_point-of-service:7.1" } } } ], "category": "product_name", "name": "Retail Xstore Point of Service" } ], "category": "vendor", "name": "Oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2014-9515", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2014-9515" }, { "cve": "CVE-2015-9251", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2015-9251" }, { "cve": "CVE-2016-1000031", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2016-1000031" }, { "cve": "CVE-2017-5533", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2017-5533" }, { "cve": "CVE-2018-1000180", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-1000180" }, { "cve": "CVE-2018-1000613", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-1000613" }, { "cve": "CVE-2018-11763", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-11763" }, { "cve": "CVE-2018-11784", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-11784" }, { "cve": "CVE-2018-12022", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-12022" }, { "cve": "CVE-2018-12023", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-12023" }, { "cve": "CVE-2018-1304", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-1304" }, { "cve": "CVE-2018-1305", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-1305" }, { "cve": "CVE-2018-14718", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-14718" }, { "cve": "CVE-2018-14719", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-14719" }, { "cve": "CVE-2018-14720", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-14720" }, { "cve": "CVE-2018-14721", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-14721" }, { "cve": "CVE-2018-15756", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-15756" }, { "cve": "CVE-2018-19360", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-19360" }, { "cve": "CVE-2018-19361", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-19361" }, { "cve": "CVE-2018-19362", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-19362" }, { "cve": "CVE-2018-2880", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-2880" }, { "cve": "CVE-2018-3120", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-3120" }, { "cve": "CVE-2018-3312", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-3312" }, { "cve": "CVE-2018-3314", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-3314" }, { "cve": "CVE-2018-7489", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-7489" }, { "cve": "CVE-2018-8034", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2018-8034" }, { "cve": "CVE-2019-2424", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2019-2424" }, { "cve": "CVE-2019-2558", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2019-2558" }, { "cve": "CVE-2019-3772", "notes": [ { "category": "description", "text": "In Oracle Retail Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung und keine Benutzerinteraktion notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Confidentiality\", \"Integrity\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he." } ], "product_status": { "known_affected": [ "T004011", "T004005", "T014007", "T014008", "T014005", "T014006", "T012089", "T014004", "T014012", "T034125", "T012099", "T014013", "T012096", "T001987", "T001985", "T001982" ] }, "release_date": "2019-04-16T22:00:00.000+00:00", "title": "CVE-2019-3772" } ] }
gsd-2018-1000613
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2018-1000613", "description": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.", "id": "GSD-2018-1000613", "references": [ "https://www.suse.com/security/cve/CVE-2018-1000613.html", "https://advisories.mageia.org/CVE-2018-1000613.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2018-1000613" ], "details": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.", "id": "GSD-2018-1000613", "modified": "2023-12-13T01:22:27.634821Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "2018-07-08T15:52:41.190527", "DATE_REQUESTED": "2018-06-29T04:46:08", "ID": "CVE-2018-1000613", "REQUESTER": "dgh@bouncycastle.org", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "openSUSE-SU-2020:0607", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "refsource": "CONFIRM", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://security.netapp.com/advisory/ntap-20190204-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190204-0003/" }, { "name": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574", "refsource": "CONFIRM", "url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574" }, { "name": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc", "refsource": "CONFIRM", "url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "(,1.60)", "affected_versions": "All versions before 1.60", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-470", "CWE-502", "CWE-78", "CWE-937" ], "date": "2021-06-15", "description": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.", "fixed_versions": [ "1.60" ], "identifier": "CVE-2018-1000613", "identifiers": [ "GHSA-4446-656p-f54g", "CVE-2018-1000613" ], "not_impacted": "All versions starting from 1.60", "package_slug": "maven/org.bouncycastle/bcprov-jdk14", "pubdate": "2018-10-17", "solution": "Upgrade to version 1.60 or above.", "title": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-1000613", "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574", "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc", "https://github.com/advisories/GHSA-4446-656p-f54g" ], "uuid": "88f082b0-cbbb-4c44-9116-77f033fc0a3a" }, { "affected_range": "(,1.60)", "affected_versions": "All versions before 1.60", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-470", "CWE-502", "CWE-78", "CWE-937" ], "date": "2021-06-15", "description": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.", "fixed_versions": [ "1.60" ], "identifier": "CVE-2018-1000613", "identifiers": [ "GHSA-4446-656p-f54g", "CVE-2018-1000613" ], "not_impacted": "All versions starting from 1.60", "package_slug": "maven/org.bouncycastle/bcprov-jdk15", "pubdate": "2018-10-17", "solution": "Upgrade to version 1.60 or above.", "title": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-1000613", "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574", "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc", "https://github.com/advisories/GHSA-4446-656p-f54g" ], "uuid": "e3272cab-4940-46fc-893f-f39afcfcf748" }, { "affected_range": "[1.57,1.60)", "affected_versions": "All versions starting from 1.57 before 1.60", "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-470", "CWE-502", "CWE-78", "CWE-937" ], "date": "2023-08-18", "description": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.", "fixed_versions": [ "1.60" ], "identifier": "CVE-2018-1000613", "identifiers": [ "GHSA-4446-656p-f54g", "CVE-2018-1000613" ], "not_impacted": "All versions before 1.57, all versions starting from 1.60", "package_slug": "maven/org.bouncycastle/bcprov-jdk15on", "pubdate": "2018-10-17", "solution": "Upgrade to version 1.60 or above.", "title": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-1000613", "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574", "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc", "https://github.com/advisories/GHSA-4446-656p-f54g", "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E", "https://security.netapp.com/advisory/ntap-20190204-0003/", "https://www.oracle.com/security-alerts/cpuApr2021.html", "https://www.oracle.com/security-alerts/cpuapr2020.html", "https://www.oracle.com/security-alerts/cpuoct2020.html", "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html", "https://github.com/bcgit/bc-java/commit/cc9f91c41be67e88fca4e38f4872418448950fd9" ], "uuid": "f1bb099e-a226-4076-bcd9-4b941e82f461" } ] }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*", "matchCriteriaId": "103B84A1-259F-499D-BF18-BC356433F826", "versionEndExcluding": "1.60", "versionStartIncluding": "1.58", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "8972497F-6E24-45A9-9A18-EB0E842CB1D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "400509A8-D6F2-432C-A2F1-AD5B8778D0D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "013043A2-0765-4AF5-ABFC-6A8960FFBFD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B887E174-57AB-449D-AEE4-82DD1A3E5C84", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FD9D7511-2934-4974-9C9E-3BE03B846734", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "CC967A48-D834-4E9B-8CEC-057E7D5B8174", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F920CDE4-DF29-4611-93E9-A386C89EDB62", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC361999-AAD8-4CB3-B00E-E3990C3529B4", "versionEndExcluding": "7.0.0.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_converged_application_server:7.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5BDED89A-7C6F-41E9-A91F-9B09D401F85D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "19E630B9-B5E5-442A-B75C-1E4771072A03", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCA44E38-EB8C-4E2D-8611-B201F47520E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "77120A3C-9A48-45FC-A620-5072AF325ACF", "versionEndExcluding": "7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "726DB59B-00C7-444E-83F7-CB31032482AB", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1FEB8446-7EAC-4A8D-B6EE-3AAC2294C324", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6F4E0F9A-D925-43FB-A1B7-452EEAE6BE2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "96B35E9A-5557-4D77-AE53-816B3C481E02", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "F9E13DD9-F456-4802-84AD-A2A1F12FE999", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AEB446C9-1AC2-4D7D-83DE-08934DDFC8B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*", "matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*", "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*", "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "78DE9DFD-BB57-4BCF-BF73-FFCFF62420D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F87FC90-16D0-4051-8280-B0DD4441F10B", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF4C318C-5D1E-479B-9597-9FAD9E186111", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "65994DC4-C9C0-48B0-88AB-E2958B4EB9E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "EE188B12-D28E-490C-9948-F5305A7D55BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "51D7B9B6-B41A-4DEA-9946-59A84FAC57E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1EB1CD1A-E760-4357-AF51-B38A852FA980", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "693C97B5-25B4-4DF3-A7D7-02C722A3DD88", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7756147-7168-4E03-93EE-31379F6BE88E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "CBFF04EF-B1C3-4601-878A-35EA6A15EF0C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later." }, { "lang": "es", "value": "Las API Legion of the Bouncy Castle Java Cryptography de Legion of the Bouncy Castle en versiones hasta 1.58 pero sin incluir la versi\u00f3n 1.60, contiene una debilidad CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027), vulnerabilidad en la deserializaci\u00f3n de la clave privada XMSS/XMSS^MT que puede resultar en desrealizar una clave privada XMSS/XMSS^MT puede resultar en la ejecuci\u00f3n de c\u00f3digo inesperado. Este ataque parece ser explotable por medio de una clave privada artesanal que puede incluir referencias a clases inesperadas que se recoger\u00e1n del class path para la aplicaci\u00f3n en ejecuci\u00f3n. Esta vulnerabilidad parece haber sido solucionada en la versi\u00f3n 1.60 y versiones posteriores." } ], "id": "CVE-2018-1000613", "lastModified": "2024-01-25T02:15:58.283", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-07-09T20:29:00.283", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190204-0003/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-470" } ], "source": "nvd@nist.gov", "type": "Primary" } ] } } } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.