Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-1000613 (GCVE-0-2018-1000613)
Vulnerability from cvelistv5 – Published: 2018-07-09 20:00 – Updated: 2024-11-14 20:37- n/a
| URL | Tags |
|---|---|
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://www.oracle.com/security-alerts/cpuapr2020.html | x_refsource_MISC |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_CONFIRM |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_MISC |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_MISC |
| https://lists.apache.org/thread.html/rf1bbc0ea4a9… | mailing-listx_refsource_MLIST |
| https://www.oracle.com/security-alerts/cpuoct2020.html | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2019020… | x_refsource_CONFIRM |
| https://github.com/bcgit/bc-java/commit/4092ede58… | x_refsource_CONFIRM |
| https://github.com/bcgit/bc-java/commit/cd98322b1… | x_refsource_CONFIRM |
| https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:40:47.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2020:0607",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-1000613",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-29T19:03:21.865602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T20:37:00.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2018-07-08T00:00:00.000Z",
"datePublic": "2018-03-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:03.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2020:0607",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-08T15:52:41.190527",
"DATE_REQUESTED": "2018-06-29T04:46:08",
"ID": "CVE-2018-1000613",
"REQUESTER": "dgh@bouncycastle.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2020:0607",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190204-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
},
{
"name": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574",
"refsource": "CONFIRM",
"url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"
},
{
"name": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc",
"refsource": "CONFIRM",
"url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-1000613",
"datePublished": "2018-07-09T20:00:00.000Z",
"dateReserved": "2018-06-29T00:00:00.000Z",
"dateUpdated": "2024-11-14T20:37:00.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-1000613",
"date": "2026-07-15",
"epss": "0.04767",
"percentile": "0.90889"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.58\", \"versionEndExcluding\": \"1.60\", \"matchCriteriaId\": \"103B84A1-259F-499D-BF18-BC356433F826\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5735E553-9731-4AAC-BCFF-989377F817B3\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A5553591-073B-45E3-999F-21B8BA2EEE22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8972497F-6E24-45A9-9A18-EB0E842CB1D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"400509A8-D6F2-432C-A2F1-AD5B8778D0D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"132CE62A-FBFC-4001-81EC-35D81F73AF48\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"013043A2-0765-4AF5-ABFC-6A8960FFBFD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B887E174-57AB-449D-AEE4-82DD1A3E5C84\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E869C417-C0E6-4FC3-B406-45598A1D1906\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD9D7511-2934-4974-9C9E-3BE03B846734\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC967A48-D834-4E9B-8CEC-057E7D5B8174\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F920CDE4-DF29-4611-93E9-A386C89EDB62\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.0.0.1\", \"matchCriteriaId\": \"EC361999-AAD8-4CB3-B00E-E3990C3529B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_converged_application_server:7.0.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BDED89A-7C6F-41E9-A91F-9B09D401F85D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_convergence:3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19E630B9-B5E5-442A-B75C-1E4771072A03\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C4534CF9-D9FD-4936-9D8C-077387028A05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D60384BD-284C-4A68-9EEF-0FAFDF0C21F3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCA44E38-EB8C-4E2D-8611-B201F47520E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.2\", \"matchCriteriaId\": \"77120A3C-9A48-45FC-A620-5072AF325ACF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"726DB59B-00C7-444E-83F7-CB31032482AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9901F6BA-78D5-45B8-9409-07FF1C6DDD38\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98F3E643-4B65-4668-BB11-C61ED54D5A53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1FEB8446-7EAC-4A8D-B6EE-3AAC2294C324\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7582B307-3899-4BBB-B868-BC912A4D0109\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F4E0F9A-D925-43FB-A1B7-452EEAE6BE2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96B35E9A-5557-4D77-AE53-816B3C481E02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69300B13-8C0F-4433-A6E8-B2CE32C4723D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F9E13DD9-F456-4802-84AD-A2A1F12FE999\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEB446C9-1AC2-4D7D-83DE-08934DDFC8B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2E3E923-E2AD-400D-A618-26ADF7F841A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45CB30A1-B2C9-4BF5-B510-1F2F18B60C64\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E1E416B-920B-49A0-9523-382898C2979D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"78DE9DFD-BB57-4BCF-BF73-FFCFF62420D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F87FC90-16D0-4051-8280-B0DD4441F10B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0ED83E3-E6BF-4EAA-AF8F-33485A88A218\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AF4C318C-5D1E-479B-9597-9FAD9E186111\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65994DC4-C9C0-48B0-88AB-E2958B4EB9E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE188B12-D28E-490C-9948-F5305A7D55BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51D7B9B6-B41A-4DEA-9946-59A84FAC57E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1EB1CD1A-E760-4357-AF51-B38A852FA980\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"693C97B5-25B4-4DF3-A7D7-02C722A3DD88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7756147-7168-4E03-93EE-31379F6BE88E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6A4F71A-4269-40FC-8F61-1D1301F2B728\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CBFF04EF-B1C3-4601-878A-35EA6A15EF0C\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.\"}, {\"lang\": \"es\", \"value\": \"Las API Legion of the Bouncy Castle Java Cryptography de Legion of the Bouncy Castle en versiones hasta 1.58 pero sin incluir la versi\\u00f3n 1.60, contiene una debilidad CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027), vulnerabilidad en la deserializaci\\u00f3n de la clave privada XMSS/XMSS^MT que puede resultar en desrealizar una clave privada XMSS/XMSS^MT puede resultar en la ejecuci\\u00f3n de c\\u00f3digo inesperado. Este ataque parece ser explotable por medio de una clave privada artesanal que puede incluir referencias a clases inesperadas que se recoger\\u00e1n del class path para la aplicaci\\u00f3n en ejecuci\\u00f3n. Esta vulnerabilidad parece haber sido solucionada en la versi\\u00f3n 1.60 y versiones posteriores.\"}]",
"id": "CVE-2018-1000613",
"lastModified": "2024-11-21T03:40:13.780",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2018-07-09T20:29:00.283",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190204-0003/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190204-0003/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-470\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-1000613\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-07-09T20:29:00.283\",\"lastModified\":\"2025-05-12T17:37:16.527\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.\"},{\"lang\":\"es\",\"value\":\"Las API Legion of the Bouncy Castle Java Cryptography de Legion of the Bouncy Castle en versiones hasta 1.58 pero sin incluir la versi\u00f3n 1.60, contiene una debilidad CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027), vulnerabilidad en la deserializaci\u00f3n de la clave privada XMSS/XMSS^MT que puede resultar en desrealizar una clave privada XMSS/XMSS^MT puede resultar en la ejecuci\u00f3n de c\u00f3digo inesperado. Este ataque parece ser explotable por medio de una clave privada artesanal que puede incluir referencias a clases inesperadas que se recoger\u00e1n del class path para la aplicaci\u00f3n en ejecuci\u00f3n. Esta vulnerabilidad parece haber sido solucionada en la versi\u00f3n 1.60 y versiones posteriores.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-470\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.58\",\"versionEndExcluding\":\"1.60\",\"matchCriteriaId\":\"1D6A34DD-AD94-470C-8262-D7257902FB74\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5553591-073B-45E3-999F-21B8BA2EEE22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8972497F-6E24-45A9-9A18-EB0E842CB1D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"400509A8-D6F2-432C-A2F1-AD5B8778D0D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"132CE62A-FBFC-4001-81EC-35D81F73AF48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"013043A2-0765-4AF5-ABFC-6A8960FFBFD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B887E174-57AB-449D-AEE4-82DD1A3E5C84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E869C417-C0E6-4FC3-B406-45598A1D1906\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD9D7511-2934-4974-9C9E-3BE03B846734\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC967A48-D834-4E9B-8CEC-057E7D5B8174\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F920CDE4-DF29-4611-93E9-A386C89EDB62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0.0.1\",\"matchCriteriaId\":\"EC361999-AAD8-4CB3-B00E-E3990C3529B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_converged_application_server:7.0.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BDED89A-7C6F-41E9-A91F-9B09D401F85D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_convergence:3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19E630B9-B5E5-442A-B75C-1E4771072A03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4534CF9-D9FD-4936-9D8C-077387028A05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D60384BD-284C-4A68-9EEF-0FAFDF0C21F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCA44E38-EB8C-4E2D-8611-B201F47520E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.2\",\"matchCriteriaId\":\"77120A3C-9A48-45FC-A620-5072AF325ACF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"726DB59B-00C7-444E-83F7-CB31032482AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9901F6BA-78D5-45B8-9409-07FF1C6DDD38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98F3E643-4B65-4668-BB11-C61ED54D5A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FEB8446-7EAC-4A8D-B6EE-3AAC2294C324\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7582B307-3899-4BBB-B868-BC912A4D0109\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F4E0F9A-D925-43FB-A1B7-452EEAE6BE2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96B35E9A-5557-4D77-AE53-816B3C481E02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69300B13-8C0F-4433-A6E8-B2CE32C4723D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9E13DD9-F456-4802-84AD-A2A1F12FE999\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEB446C9-1AC2-4D7D-83DE-08934DDFC8B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2E3E923-E2AD-400D-A618-26ADF7F841A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45CB30A1-B2C9-4BF5-B510-1F2F18B60C64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0A735B4-4F3C-416B-8C08-9CB21BAD2889\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E416B-920B-49A0-9523-382898C2979D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"78DE9DFD-BB57-4BCF-BF73-FFCFF62420D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F87FC90-16D0-4051-8280-B0DD4441F10B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0ED83E3-E6BF-4EAA-AF8F-33485A88A218\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF4C318C-5D1E-479B-9597-9FAD9E186111\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65994DC4-C9C0-48B0-88AB-E2958B4EB9E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE188B12-D28E-490C-9948-F5305A7D55BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51D7B9B6-B41A-4DEA-9946-59A84FAC57E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EB1CD1A-E760-4357-AF51-B38A852FA980\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"693C97B5-25B4-4DF3-A7D7-02C722A3DD88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7756147-7168-4E03-93EE-31379F6BE88E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6A4F71A-4269-40FC-8F61-1D1301F2B728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBFF04EF-B1C3-4601-878A-35EA6A15EF0C\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190204-0003/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20190204-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuApr2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}",
"redhat_vex": {
"aggregate_severity": "Moderate",
"current_release_date": "2026-01-13T21:41:18+00:00",
"cve": "CVE-2018-1000613",
"id": "CVE-2018-1000613",
"initial_release_date": "2018-03-03T00:00:00+00:00",
"product_status:known_affected": "1",
"product_status:known_not_affected": "9",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "bouncycastle: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2018/cve-2018-1000613.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html\", \"name\": \"openSUSE-SU-2020:0607\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\", \"name\": \"[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190204-0003/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T12:40:47.584Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-1000613\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-01-29T19:03:21.865602Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-14T20:36:56.605Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2018-03-02T00:00:00.000Z\", \"references\": [{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html\", \"name\": \"openSUSE-SU-2020:0607\", \"tags\": [\"vendor-advisory\", \"x_refsource_SUSE\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E\", \"name\": \"[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190204-0003/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"tags\": [\"x_refsource_MISC\"]}], \"dateAssigned\": \"2018-07-08T00:00:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2021-06-14T17:20:03.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html\", \"name\": \"openSUSE-SU-2020:0607\", \"refsource\": \"SUSE\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"name\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"name\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"name\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"name\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E\", \"name\": \"[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12\", \"refsource\": \"MLIST\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"name\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190204-0003/\", \"name\": \"https://security.netapp.com/advisory/ntap-20190204-0003/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574\", \"name\": \"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc\", \"name\": \"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"name\": \"https://www.oracle.com/security-alerts/cpuApr2021.html\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-1000613\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\", \"REQUESTER\": \"dgh@bouncycastle.org\", \"DATE_ASSIGNED\": \"2018-07-08T15:52:41.190527\", \"DATE_REQUESTED\": \"2018-06-29T04:46:08\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2018-1000613\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-14T20:37:00.531Z\", \"dateReserved\": \"2018-06-29T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2018-07-09T20:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2020-AVI-420
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
None| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Junos Space et Junos Space Security Director versions antérieures à 20.1R1 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(*1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(*2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos Space et Junos Space Security Director versions ant\u00e9rieures \u00e0 20.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(*1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(*2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-1167",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1167"
},
{
"name": "CVE-2016-2324",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2324"
},
{
"name": "CVE-2013-1960",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1960"
},
{
"name": "CVE-2012-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4447"
},
{
"name": "CVE-2016-3991",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3991"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2014-7826",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7826"
},
{
"name": "CVE-2020-1648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1648"
},
{
"name": "CVE-2016-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3621"
},
{
"name": "CVE-2011-0192",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0192"
},
{
"name": "CVE-2016-1000341",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000341"
},
{
"name": "CVE-2016-6662",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6662"
},
{
"name": "CVE-2019-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
},
{
"name": "CVE-2019-11097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11097"
},
{
"name": "CVE-2009-2347",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2347"
},
{
"name": "CVE-2014-3634",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3634"
},
{
"name": "CVE-2016-1000343",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000343"
},
{
"name": "CVE-2015-1782",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1782"
},
{
"name": "CVE-2017-13098",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13098"
},
{
"name": "CVE-2019-11132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11132"
},
{
"name": "CVE-2014-7825",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7825"
},
{
"name": "CVE-2016-6136",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6136"
},
{
"name": "CVE-2020-1646",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1646"
},
{
"name": "CVE-2019-11086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11086"
},
{
"name": "CVE-2017-7895",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7895"
},
{
"name": "CVE-2012-1173",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1173"
},
{
"name": "CVE-2012-2088",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2088"
},
{
"name": "CVE-2014-9938",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9938"
},
{
"name": "CVE-2015-1158",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1158"
},
{
"name": "CVE-2020-1651",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1651"
},
{
"name": "CVE-2010-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2067"
},
{
"name": "CVE-2019-11106",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11106"
},
{
"name": "CVE-2016-1000346",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000346"
},
{
"name": "CVE-2016-3945",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3945"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2020-1645",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1645"
},
{
"name": "CVE-2016-1000345",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000345"
},
{
"name": "CVE-2020-1640",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1640"
},
{
"name": "CVE-2013-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4244"
},
{
"name": "CVE-2016-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
},
{
"name": "CVE-2020-1643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1643"
},
{
"name": "CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"name": "CVE-2015-7940",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7940"
},
{
"name": "CVE-2017-1000117",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000117"
},
{
"name": "CVE-2012-5581",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5581"
},
{
"name": "CVE-2016-1000338",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000338"
},
{
"name": "CVE-2014-3690",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3690"
},
{
"name": "CVE-2018-1000613",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000613"
},
{
"name": "CVE-2017-12588",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12588"
},
{
"name": "CVE-2016-0787",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0787"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2016-9555",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9555"
},
{
"name": "CVE-2013-1624",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1624"
},
{
"name": "CVE-2016-3990",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3990"
},
{
"name": "CVE-2019-0168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0168"
},
{
"name": "CVE-2018-1000021",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000021"
},
{
"name": "CVE-2019-11103",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11103"
},
{
"name": "CVE-2014-9679",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9679"
},
{
"name": "CVE-2020-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1647"
},
{
"name": "CVE-2019-11107",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11107"
},
{
"name": "CVE-2020-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1652"
},
{
"name": "CVE-2017-14867",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14867"
},
{
"name": "CVE-2009-5022",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5022"
},
{
"name": "CVE-2016-1835",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1835"
},
{
"name": "CVE-2019-3856",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
},
{
"name": "CVE-2020-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1650"
},
{
"name": "CVE-2016-1000342",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000342"
},
{
"name": "CVE-2019-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2019-11110",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11110"
},
{
"name": "CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"name": "CVE-2016-1000339",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000339"
},
{
"name": "CVE-2008-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2327"
},
{
"name": "CVE-2017-9935",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9935"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2018-5382",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5382"
},
{
"name": "CVE-2014-9584",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9584"
},
{
"name": "CVE-2019-11102",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11102"
},
{
"name": "CVE-2019-3862",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3862"
},
{
"name": "CVE-2019-11088",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11088"
},
{
"name": "CVE-2019-11105",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11105"
},
{
"name": "CVE-2016-5616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5616"
},
{
"name": "CVE-2015-1421",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1421"
},
{
"name": "CVE-2014-9529",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9529"
},
{
"name": "CVE-2020-1654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1654"
},
{
"name": "CVE-2013-1961",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1961"
},
{
"name": "CVE-2015-7082",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7082"
},
{
"name": "CVE-2006-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2193"
},
{
"name": "CVE-2014-8171",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8171"
},
{
"name": "CVE-2006-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2656"
},
{
"name": "CVE-2019-11101",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11101"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2018-11233",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11233"
},
{
"name": "CVE-2013-4232",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4232"
},
{
"name": "CVE-2013-4243",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4243"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2011-3200",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3200"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2017-15298",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15298"
},
{
"name": "CVE-2014-8884",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8884"
},
{
"name": "CVE-2015-1159",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1159"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2019-11131",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11131"
},
{
"name": "CVE-2020-1641",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1641"
},
{
"name": "CVE-2019-11090",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11090"
},
{
"name": "CVE-2013-4758",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4758"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2019-0131",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0131"
},
{
"name": "CVE-2019-11109",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11109"
},
{
"name": "CVE-2016-5314",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5314"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-1000352",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000352"
},
{
"name": "CVE-2010-2065",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2065"
},
{
"name": "CVE-2019-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0166"
},
{
"name": "CVE-2010-1411",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1411"
},
{
"name": "CVE-2016-3632",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3632"
},
{
"name": "CVE-2019-3855",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
},
{
"name": "CVE-2015-7547",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7547"
},
{
"name": "CVE-2020-1649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1649"
},
{
"name": "CVE-2019-3857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
},
{
"name": "CVE-2012-4564",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4564"
},
{
"name": "CVE-2012-2113",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2113"
},
{
"name": "CVE-2019-11104",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11104"
},
{
"name": "CVE-2019-11087",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11087"
},
{
"name": "CVE-2016-1000344",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000344"
},
{
"name": "CVE-2019-11108",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11108"
},
{
"name": "CVE-2014-3215",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3215"
},
{
"name": "CVE-2018-11235",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11235"
},
{
"name": "CVE-2016-6663",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6663"
},
{
"name": "CVE-2018-19486",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19486"
},
{
"name": "CVE-2015-7545",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7545"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2019-11100",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11100"
},
{
"name": "CVE-2018-5360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5360"
},
{
"name": "CVE-2018-1000180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180"
},
{
"name": "CVE-2019-0165",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0165"
},
{
"name": "CVE-2020-1644",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1644"
},
{
"name": "CVE-2019-11147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11147"
},
{
"name": "CVE-2012-3401",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3401"
},
{
"name": "CVE-2019-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0211"
},
{
"name": "CVE-2014-3683",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3683"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-420",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11038 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11038\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11024 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11024\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11026 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11026\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11027 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11027\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11035 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11035\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11023 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11023\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11025 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11025\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11034 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11034\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11033 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11033\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11032 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11032\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11036 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11036\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11031 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11031\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11030 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11030\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11037 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11037\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11028 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11028\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2020-AVI-420
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
None| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Junos Space et Junos Space Security Director versions antérieures à 20.1R1 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(*1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(*2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1 |
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos Space et Junos Space Security Director versions ant\u00e9rieures \u00e0 20.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(*1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(*2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-1167",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1167"
},
{
"name": "CVE-2016-2324",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2324"
},
{
"name": "CVE-2013-1960",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1960"
},
{
"name": "CVE-2012-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4447"
},
{
"name": "CVE-2016-3991",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3991"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2014-7826",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7826"
},
{
"name": "CVE-2020-1648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1648"
},
{
"name": "CVE-2016-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3621"
},
{
"name": "CVE-2011-0192",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0192"
},
{
"name": "CVE-2016-1000341",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000341"
},
{
"name": "CVE-2016-6662",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6662"
},
{
"name": "CVE-2019-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
},
{
"name": "CVE-2019-11097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11097"
},
{
"name": "CVE-2009-2347",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2347"
},
{
"name": "CVE-2014-3634",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3634"
},
{
"name": "CVE-2016-1000343",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000343"
},
{
"name": "CVE-2015-1782",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1782"
},
{
"name": "CVE-2017-13098",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13098"
},
{
"name": "CVE-2019-11132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11132"
},
{
"name": "CVE-2014-7825",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7825"
},
{
"name": "CVE-2016-6136",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6136"
},
{
"name": "CVE-2020-1646",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1646"
},
{
"name": "CVE-2019-11086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11086"
},
{
"name": "CVE-2017-7895",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7895"
},
{
"name": "CVE-2012-1173",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1173"
},
{
"name": "CVE-2012-2088",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2088"
},
{
"name": "CVE-2014-9938",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9938"
},
{
"name": "CVE-2015-1158",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1158"
},
{
"name": "CVE-2020-1651",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1651"
},
{
"name": "CVE-2010-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2067"
},
{
"name": "CVE-2019-11106",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11106"
},
{
"name": "CVE-2016-1000346",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000346"
},
{
"name": "CVE-2016-3945",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3945"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2020-1645",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1645"
},
{
"name": "CVE-2016-1000345",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000345"
},
{
"name": "CVE-2020-1640",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1640"
},
{
"name": "CVE-2013-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4244"
},
{
"name": "CVE-2016-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
},
{
"name": "CVE-2020-1643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1643"
},
{
"name": "CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"name": "CVE-2015-7940",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7940"
},
{
"name": "CVE-2017-1000117",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000117"
},
{
"name": "CVE-2012-5581",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5581"
},
{
"name": "CVE-2016-1000338",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000338"
},
{
"name": "CVE-2014-3690",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3690"
},
{
"name": "CVE-2018-1000613",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000613"
},
{
"name": "CVE-2017-12588",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12588"
},
{
"name": "CVE-2016-0787",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0787"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2016-9555",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9555"
},
{
"name": "CVE-2013-1624",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1624"
},
{
"name": "CVE-2016-3990",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3990"
},
{
"name": "CVE-2019-0168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0168"
},
{
"name": "CVE-2018-1000021",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000021"
},
{
"name": "CVE-2019-11103",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11103"
},
{
"name": "CVE-2014-9679",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9679"
},
{
"name": "CVE-2020-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1647"
},
{
"name": "CVE-2019-11107",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11107"
},
{
"name": "CVE-2020-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1652"
},
{
"name": "CVE-2017-14867",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14867"
},
{
"name": "CVE-2009-5022",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5022"
},
{
"name": "CVE-2016-1835",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1835"
},
{
"name": "CVE-2019-3856",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
},
{
"name": "CVE-2020-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1650"
},
{
"name": "CVE-2016-1000342",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000342"
},
{
"name": "CVE-2019-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2019-11110",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11110"
},
{
"name": "CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"name": "CVE-2016-1000339",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000339"
},
{
"name": "CVE-2008-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2327"
},
{
"name": "CVE-2017-9935",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9935"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2018-5382",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5382"
},
{
"name": "CVE-2014-9584",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9584"
},
{
"name": "CVE-2019-11102",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11102"
},
{
"name": "CVE-2019-3862",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3862"
},
{
"name": "CVE-2019-11088",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11088"
},
{
"name": "CVE-2019-11105",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11105"
},
{
"name": "CVE-2016-5616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5616"
},
{
"name": "CVE-2015-1421",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1421"
},
{
"name": "CVE-2014-9529",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9529"
},
{
"name": "CVE-2020-1654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1654"
},
{
"name": "CVE-2013-1961",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1961"
},
{
"name": "CVE-2015-7082",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7082"
},
{
"name": "CVE-2006-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2193"
},
{
"name": "CVE-2014-8171",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8171"
},
{
"name": "CVE-2006-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2656"
},
{
"name": "CVE-2019-11101",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11101"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2018-11233",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11233"
},
{
"name": "CVE-2013-4232",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4232"
},
{
"name": "CVE-2013-4243",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4243"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2011-3200",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3200"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2017-15298",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15298"
},
{
"name": "CVE-2014-8884",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8884"
},
{
"name": "CVE-2015-1159",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1159"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2019-11131",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11131"
},
{
"name": "CVE-2020-1641",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1641"
},
{
"name": "CVE-2019-11090",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11090"
},
{
"name": "CVE-2013-4758",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4758"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2019-0131",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0131"
},
{
"name": "CVE-2019-11109",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11109"
},
{
"name": "CVE-2016-5314",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5314"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-1000352",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000352"
},
{
"name": "CVE-2010-2065",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2065"
},
{
"name": "CVE-2019-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0166"
},
{
"name": "CVE-2010-1411",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1411"
},
{
"name": "CVE-2016-3632",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3632"
},
{
"name": "CVE-2019-3855",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
},
{
"name": "CVE-2015-7547",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7547"
},
{
"name": "CVE-2020-1649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1649"
},
{
"name": "CVE-2019-3857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
},
{
"name": "CVE-2012-4564",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4564"
},
{
"name": "CVE-2012-2113",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2113"
},
{
"name": "CVE-2019-11104",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11104"
},
{
"name": "CVE-2019-11087",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11087"
},
{
"name": "CVE-2016-1000344",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000344"
},
{
"name": "CVE-2019-11108",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11108"
},
{
"name": "CVE-2014-3215",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3215"
},
{
"name": "CVE-2018-11235",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11235"
},
{
"name": "CVE-2016-6663",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6663"
},
{
"name": "CVE-2018-19486",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19486"
},
{
"name": "CVE-2015-7545",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7545"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2019-11100",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11100"
},
{
"name": "CVE-2018-5360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5360"
},
{
"name": "CVE-2018-1000180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180"
},
{
"name": "CVE-2019-0165",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0165"
},
{
"name": "CVE-2020-1644",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1644"
},
{
"name": "CVE-2019-11147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11147"
},
{
"name": "CVE-2012-3401",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3401"
},
{
"name": "CVE-2019-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0211"
},
{
"name": "CVE-2014-3683",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3683"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-420",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11038 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11038\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11024 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11024\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11026 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11026\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11027 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11027\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11035 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11035\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11023 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11023\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11025 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11025\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11034 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11034\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11033 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11033\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11032 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11032\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11036 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11036\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11031 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11031\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11030 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11030\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11037 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11037\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11028 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11028\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Legion of the Bouncy Castle Inc., Google Inc",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 1.58 \u0434\u043e 1.60 (Bouncy Castle), 2025.2.3.9 (Android Studio)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574 \nhttps://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "09.07.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "10.02.2026",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "31.05.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01880",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-1000613",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Bouncy Castle, Android Studio",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b Bouncy Castle, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u043e\u0439 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u0435 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0441 \u0432\u043d\u0435\u0448\u043d\u0438\u043c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0434\u043b\u044f \u0432\u044b\u0431\u043e\u0440\u0430 \u043a\u043b\u0430\u0441\u0441\u043e\u0432 \u0438\u043b\u0438 \u043a\u043e\u0434\u0430 (\u0027\u041d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0435 \u043e\u0442\u0440\u0430\u0436\u0435\u043d\u0438\u0435\u0027) (CWE-470), \u0412\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-502)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0437\u0430\u0449\u0438\u0442\u044b Bouncy Castle \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u043e\u0439 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u044b \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u0441\u043e\u043d\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043b\u044e\u0447\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574 \nhttps://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc \nhttps://security.netapp.com/advisory/ntap-20190204-0003/ \nhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html \nhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-470, CWE-502",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}
FKIE_CVE-2018-1000613
Vulnerability from fkie_nvd - Published: 2018-07-09 20:29 - Updated: 2026-06-17 01:32| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574 | Patch | |
| cve@mitre.org | https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc | Patch | |
| cve@mitre.org | https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E | Mailing List | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20190204-0003/ | Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/security-alerts/cpuApr2021.html | Patch, Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/security-alerts/cpuapr2020.html | Patch, Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/security-alerts/cpuoct2020.html | Patch, Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | Patch, Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190204-0003/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuApr2021.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2020.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2020.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| bouncycastle | bc-java | * | |
| netapp | oncommand_workflow_automation | - | |
| opensuse | leap | 15.1 | |
| oracle | api_gateway | 11.1.2.4.0 | |
| oracle | banking_platform | 2.6.0 | |
| oracle | banking_platform | 2.6.1 | |
| oracle | banking_platform | 2.6.2 | |
| oracle | business_process_management_suite | 11.1.1.9.0 | |
| oracle | business_process_management_suite | 12.1.3.0.0 | |
| oracle | business_process_management_suite | 12.2.1.3.0 | |
| oracle | business_transaction_management | 12.1.0 | |
| oracle | communications_application_session_controller | 3.7.1 | |
| oracle | communications_application_session_controller | 3.8.0 | |
| oracle | communications_converged_application_server | * | |
| oracle | communications_converged_application_server | 7.0.0.1 | |
| oracle | communications_convergence | 3.0.2 | |
| oracle | communications_diameter_signaling_router | 8.0.0 | |
| oracle | communications_diameter_signaling_router | 8.1 | |
| oracle | communications_diameter_signaling_router | 8.2 | |
| oracle | communications_diameter_signaling_router | 8.2.1 | |
| oracle | communications_webrtc_session_controller | * | |
| oracle | communications_webrtc_session_controller | 7.2 | |
| oracle | data_integrator | 12.2.1.3.0 | |
| oracle | enterprise_manager_base_platform | 12.1.0.5.0 | |
| oracle | enterprise_manager_base_platform | 13.2.0.0 | |
| oracle | enterprise_manager_base_platform | 13.3.0.0 | |
| oracle | enterprise_manager_for_fusion_middleware | 13.2.0.0 | |
| oracle | enterprise_manager_for_fusion_middleware | 13.3.0.0 | |
| oracle | enterprise_repository | 11.1.1.7.0 | |
| oracle | enterprise_repository | 12.1.3.0.0 | |
| oracle | managed_file_transfer | 12.1.3.0.0 | |
| oracle | managed_file_transfer | 12.2.1.3.0 | |
| oracle | peoplesoft_enterprise_peopletools | 8.55 | |
| oracle | peoplesoft_enterprise_peopletools | 8.56 | |
| oracle | peoplesoft_enterprise_peopletools | 8.57 | |
| oracle | retail_convenience_and_fuel_pos_software | 2.8.1 | |
| oracle | retail_xstore_point_of_service | 7.0 | |
| oracle | retail_xstore_point_of_service | 7.1 | |
| oracle | soa_suite | 12.1.3.0.0 | |
| oracle | soa_suite | 12.2.1.3.0 | |
| oracle | utilities_network_management_system | 1.12.0.3 | |
| oracle | utilities_network_management_system | 2.3.0.0 | |
| oracle | utilities_network_management_system | 2.3.0.1 | |
| oracle | utilities_network_management_system | 2.3.0.2 | |
| oracle | webcenter_portal | 11.1.1.9.0 | |
| oracle | webcenter_portal | 12.2.1.3.0 | |
| oracle | weblogic_server | 12.2.1.3 |
{
"affected": [
{
"affectedData": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"source": "cve@mitre.org"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6A34DD-AD94-470C-8262-D7257902FB74",
"versionEndExcluding": "1.60",
"versionStartIncluding": "1.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8972497F-6E24-45A9-9A18-EB0E842CB1D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "400509A8-D6F2-432C-A2F1-AD5B8778D0D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "013043A2-0765-4AF5-ABFC-6A8960FFBFD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B887E174-57AB-449D-AEE4-82DD1A3E5C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9D7511-2934-4974-9C9E-3BE03B846734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC967A48-D834-4E9B-8CEC-057E7D5B8174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F920CDE4-DF29-4611-93E9-A386C89EDB62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC361999-AAD8-4CB3-B00E-E3990C3529B4",
"versionEndExcluding": "7.0.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_converged_application_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BDED89A-7C6F-41E9-A91F-9B09D401F85D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19E630B9-B5E5-442A-B75C-1E4771072A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA44E38-EB8C-4E2D-8611-B201F47520E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77120A3C-9A48-45FC-A620-5072AF325ACF",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "726DB59B-00C7-444E-83F7-CB31032482AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FEB8446-7EAC-4A8D-B6EE-3AAC2294C324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F4E0F9A-D925-43FB-A1B7-452EEAE6BE2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B35E9A-5557-4D77-AE53-816B3C481E02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9E13DD9-F456-4802-84AD-A2A1F12FE999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB446C9-1AC2-4D7D-83DE-08934DDFC8B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
"matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78DE9DFD-BB57-4BCF-BF73-FFCFF62420D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F87FC90-16D0-4051-8280-B0DD4441F10B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF4C318C-5D1E-479B-9597-9FAD9E186111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "65994DC4-C9C0-48B0-88AB-E2958B4EB9E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EE188B12-D28E-490C-9948-F5305A7D55BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51D7B9B6-B41A-4DEA-9946-59A84FAC57E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EB1CD1A-E760-4357-AF51-B38A852FA980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "693C97B5-25B4-4DF3-A7D7-02C722A3DD88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7756147-7168-4E03-93EE-31379F6BE88E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFF04EF-B1C3-4601-878A-35EA6A15EF0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later."
},
{
"lang": "es",
"value": "Las API Legion of the Bouncy Castle Java Cryptography de Legion of the Bouncy Castle en versiones hasta 1.58 pero sin incluir la versi\u00f3n 1.60, contiene una debilidad CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027), vulnerabilidad en la deserializaci\u00f3n de la clave privada XMSS/XMSS^MT que puede resultar en desrealizar una clave privada XMSS/XMSS^MT puede resultar en la ejecuci\u00f3n de c\u00f3digo inesperado. Este ataque parece ser explotable por medio de una clave privada artesanal que puede incluir referencias a clases inesperadas que se recoger\u00e1n del class path para la aplicaci\u00f3n en ejecuci\u00f3n. Esta vulnerabilidad parece haber sido solucionada en la versi\u00f3n 1.60 y versiones posteriores."
}
],
"id": "CVE-2018-1000613",
"lastModified": "2026-06-17T01:32:56.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2018-1000613",
"options": [
{
"exploitation": "none"
},
{
"automatable": "yes"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-29T19:03:21.865602Z",
"version": "2.0.3"
}
}
]
},
"published": "2018-07-09T20:29:00.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-470"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-4446-656P-F54G
Vulnerability from github – Published: 2018-10-17 16:23 – Updated: 2025-05-12 21:40Legion of the Bouncy Castle Java Cryptography APIs starting in version 1.57 and prior to version 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application.
This vulnerability appears to have been fixed in 1.60 and later.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.bouncycastle:bcprov-jdk15on"
},
"ranges": [
{
"events": [
{
"introduced": "1.57"
},
{
"fixed": "1.60"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-1000613"
],
"database_specific": {
"cwe_ids": [
"CWE-470",
"CWE-502"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T20:57:10Z",
"nvd_published_at": "2018-07-09T20:29:00Z",
"severity": "CRITICAL"
},
"details": "Legion of the Bouncy Castle Java Cryptography APIs starting in version 1.57 and prior to version 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. \n\nThis vulnerability appears to have been fixed in 1.60 and later.",
"id": "GHSA-4446-656p-f54g",
"modified": "2025-05-12T21:40:33Z",
"published": "2018-10-17T16:23:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000613"
},
{
"type": "WEB",
"url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"
},
{
"type": "WEB",
"url": "https://github.com/bcgit/bc-java/commit/cc9f91c41be67e88fca4e38f4872418448950fd9"
},
{
"type": "WEB",
"url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-4446-656p-f54g"
},
{
"type": "PACKAGE",
"url": "https://github.com/bcgit/bc-java"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190204-0003"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Deserialization of Untrusted Data in Bouncy castle"
}
GSD-2018-1000613
Vulnerability from gsd - Updated: 2023-12-13 01:22{
"GSD": {
"alias": "CVE-2018-1000613",
"description": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.",
"id": "GSD-2018-1000613",
"references": [
"https://www.suse.com/security/cve/CVE-2018-1000613.html",
"https://advisories.mageia.org/CVE-2018-1000613.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-1000613"
],
"details": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.",
"id": "GSD-2018-1000613",
"modified": "2023-12-13T01:22:27.634821Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-08T15:52:41.190527",
"DATE_REQUESTED": "2018-06-29T04:46:08",
"ID": "CVE-2018-1000613",
"REQUESTER": "dgh@bouncycastle.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2020:0607",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190204-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
},
{
"name": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574",
"refsource": "CONFIRM",
"url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"
},
{
"name": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc",
"refsource": "CONFIRM",
"url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,1.60)",
"affected_versions": "All versions before 1.60",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-470",
"CWE-502",
"CWE-78",
"CWE-937"
],
"date": "2021-06-15",
"description": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.",
"fixed_versions": [
"1.60"
],
"identifier": "CVE-2018-1000613",
"identifiers": [
"GHSA-4446-656p-f54g",
"CVE-2018-1000613"
],
"not_impacted": "All versions starting from 1.60",
"package_slug": "maven/org.bouncycastle/bcprov-jdk14",
"pubdate": "2018-10-17",
"solution": "Upgrade to version 1.60 or above.",
"title": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-1000613",
"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574",
"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc",
"https://github.com/advisories/GHSA-4446-656p-f54g"
],
"uuid": "88f082b0-cbbb-4c44-9116-77f033fc0a3a"
},
{
"affected_range": "(,1.60)",
"affected_versions": "All versions before 1.60",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-470",
"CWE-502",
"CWE-78",
"CWE-937"
],
"date": "2021-06-15",
"description": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.",
"fixed_versions": [
"1.60"
],
"identifier": "CVE-2018-1000613",
"identifiers": [
"GHSA-4446-656p-f54g",
"CVE-2018-1000613"
],
"not_impacted": "All versions starting from 1.60",
"package_slug": "maven/org.bouncycastle/bcprov-jdk15",
"pubdate": "2018-10-17",
"solution": "Upgrade to version 1.60 or above.",
"title": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-1000613",
"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574",
"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc",
"https://github.com/advisories/GHSA-4446-656p-f54g"
],
"uuid": "e3272cab-4940-46fc-893f-f39afcfcf748"
},
{
"affected_range": "[1.57,1.60)",
"affected_versions": "All versions starting from 1.57 before 1.60",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-470",
"CWE-502",
"CWE-78",
"CWE-937"
],
"date": "2023-08-18",
"description": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.",
"fixed_versions": [
"1.60"
],
"identifier": "CVE-2018-1000613",
"identifiers": [
"GHSA-4446-656p-f54g",
"CVE-2018-1000613"
],
"not_impacted": "All versions before 1.57, all versions starting from 1.60",
"package_slug": "maven/org.bouncycastle/bcprov-jdk15on",
"pubdate": "2018-10-17",
"solution": "Upgrade to version 1.60 or above.",
"title": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2018-1000613",
"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574",
"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc",
"https://github.com/advisories/GHSA-4446-656p-f54g",
"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20190204-0003/",
"https://www.oracle.com/security-alerts/cpuApr2021.html",
"https://www.oracle.com/security-alerts/cpuapr2020.html",
"https://www.oracle.com/security-alerts/cpuoct2020.html",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html",
"https://github.com/bcgit/bc-java/commit/cc9f91c41be67e88fca4e38f4872418448950fd9"
],
"uuid": "f1bb099e-a226-4076-bcd9-4b941e82f461"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*",
"matchCriteriaId": "103B84A1-259F-499D-BF18-BC356433F826",
"versionEndExcluding": "1.60",
"versionStartIncluding": "1.58",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8972497F-6E24-45A9-9A18-EB0E842CB1D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "400509A8-D6F2-432C-A2F1-AD5B8778D0D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "013043A2-0765-4AF5-ABFC-6A8960FFBFD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B887E174-57AB-449D-AEE4-82DD1A3E5C84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD9D7511-2934-4974-9C9E-3BE03B846734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC967A48-D834-4E9B-8CEC-057E7D5B8174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F920CDE4-DF29-4611-93E9-A386C89EDB62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC361999-AAD8-4CB3-B00E-E3990C3529B4",
"versionEndExcluding": "7.0.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_converged_application_server:7.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BDED89A-7C6F-41E9-A91F-9B09D401F85D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "19E630B9-B5E5-442A-B75C-1E4771072A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCA44E38-EB8C-4E2D-8611-B201F47520E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77120A3C-9A48-45FC-A620-5072AF325ACF",
"versionEndExcluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "726DB59B-00C7-444E-83F7-CB31032482AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FEB8446-7EAC-4A8D-B6EE-3AAC2294C324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F4E0F9A-D925-43FB-A1B7-452EEAE6BE2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "96B35E9A-5557-4D77-AE53-816B3C481E02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9E13DD9-F456-4802-84AD-A2A1F12FE999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB446C9-1AC2-4D7D-83DE-08934DDFC8B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
"matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78DE9DFD-BB57-4BCF-BF73-FFCFF62420D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F87FC90-16D0-4051-8280-B0DD4441F10B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF4C318C-5D1E-479B-9597-9FAD9E186111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "65994DC4-C9C0-48B0-88AB-E2958B4EB9E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EE188B12-D28E-490C-9948-F5305A7D55BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51D7B9B6-B41A-4DEA-9946-59A84FAC57E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1EB1CD1A-E760-4357-AF51-B38A852FA980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "693C97B5-25B4-4DF3-A7D7-02C722A3DD88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7756147-7168-4E03-93EE-31379F6BE88E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFF04EF-B1C3-4601-878A-35EA6A15EF0C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later."
},
{
"lang": "es",
"value": "Las API Legion of the Bouncy Castle Java Cryptography de Legion of the Bouncy Castle en versiones hasta 1.58 pero sin incluir la versi\u00f3n 1.60, contiene una debilidad CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027), vulnerabilidad en la deserializaci\u00f3n de la clave privada XMSS/XMSS^MT que puede resultar en desrealizar una clave privada XMSS/XMSS^MT puede resultar en la ejecuci\u00f3n de c\u00f3digo inesperado. Este ataque parece ser explotable por medio de una clave privada artesanal que puede incluir referencias a clases inesperadas que se recoger\u00e1n del class path para la aplicaci\u00f3n en ejecuci\u00f3n. Esta vulnerabilidad parece haber sido solucionada en la versi\u00f3n 1.60 y versiones posteriores."
}
],
"id": "CVE-2018-1000613",
"lastModified": "2024-01-25T02:15:58.283",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-09T20:29:00.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List"
],
"url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-470"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
JVNDB-2018-008573
Vulnerability from jvndb - Published: 2018-10-23 15:15 - Updated:2018-11-20 18:15| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-008573.html",
"dc:date": "2018-11-20T18:15+09:00",
"dcterms:issued": "2018-10-23T15:15+09:00",
"dcterms:modified": "2018-11-20T18:15+09:00",
"description": "Multiple vulnerabilities have been found in Hitachi Infrastructure Analytics Advisor.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-008573.html",
"sec:cpe": {
"#text": "cpe:/a:hitachi:infrastructure_analytics_advisor",
"@product": "Hitachi Infrastructure Analytics Advisor",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-008573",
"sec:references": [
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000613",
"@id": "CVE-2018-1000613",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000613",
"@id": "CVE-2018-1000613",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Multiple Vulnerabilities in Hitachi Infrastructure Analytics Advisor"
}
OPENSUSE-SU-2020:0607-1
Vulnerability from csaf_opensuse - Published: 2020-05-03 16:19 - Updated: 2020-05-03 16:19| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:bouncycastle-1.60-lp151.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:bouncycastle-javadoc-1.60-lp151.3.3.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:bouncycastle-1.60-lp151.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:bouncycastle-javadoc-1.60-lp151.3.3.1.noarch | — |
Vendor Fix
|
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://lists.opensuse.org/archives/list/security… | self |
| https://bugzilla.suse.com/1072697 | self |
| https://bugzilla.suse.com/1100694 | self |
| https://www.suse.com/security/cve/CVE-2017-13098/ | self |
| https://www.suse.com/security/cve/CVE-2018-1000613/ | self |
| https://www.suse.com/security/cve/CVE-2017-13098 | external |
| https://bugzilla.suse.com/1072697 | external |
| https://www.suse.com/security/cve/CVE-2018-1000613 | external |
| https://bugzilla.suse.com/1096291 | external |
| https://bugzilla.suse.com/1100694 | external |
| https://bugzilla.suse.com/1153385 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for bouncycastle",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for bouncycastle fixes the following issues:\n\nVersion update to 1.60:\n\n* CVE-2018-1000613: Use of Externally-ControlledInput to Select Classes or Code (boo#1100694)\n\n* Release notes:\n http://www.bouncycastle.org/releasenotes.html\n\nVersion update to 1.59: \n\n* CVE-2017-13098: Fix against Bleichenbacher oracle when not\n using the lightweight APIs (boo#1072697).\n* Release notes:\n http://www.bouncycastle.org/releasenotes.html\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-607",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0607-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0607-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SJ5CQDJZHIR5UUASDLGQDV3YILWDOSU3/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0607-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SJ5CQDJZHIR5UUASDLGQDV3YILWDOSU3/"
},
{
"category": "self",
"summary": "SUSE Bug 1072697",
"url": "https://bugzilla.suse.com/1072697"
},
{
"category": "self",
"summary": "SUSE Bug 1100694",
"url": "https://bugzilla.suse.com/1100694"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-13098 page",
"url": "https://www.suse.com/security/cve/CVE-2017-13098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000613 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000613/"
}
],
"title": "Security update for bouncycastle",
"tracking": {
"current_release_date": "2020-05-03T16:19:33Z",
"generator": {
"date": "2020-05-03T16:19:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0607-1",
"initial_release_date": "2020-05-03T16:19:33Z",
"revision_history": [
{
"date": "2020-05-03T16:19:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bouncycastle-1.60-lp151.3.3.1.noarch",
"product": {
"name": "bouncycastle-1.60-lp151.3.3.1.noarch",
"product_id": "bouncycastle-1.60-lp151.3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "bouncycastle-javadoc-1.60-lp151.3.3.1.noarch",
"product": {
"name": "bouncycastle-javadoc-1.60-lp151.3.3.1.noarch",
"product_id": "bouncycastle-javadoc-1.60-lp151.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-1.60-lp151.3.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:bouncycastle-1.60-lp151.3.3.1.noarch"
},
"product_reference": "bouncycastle-1.60-lp151.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-javadoc-1.60-lp151.3.3.1.noarch as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:bouncycastle-javadoc-1.60-lp151.3.3.1.noarch"
},
"product_reference": "bouncycastle-javadoc-1.60-lp151.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-13098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-13098"
}
],
"notes": [
{
"category": "general",
"text": "BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as \"ROBOT.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:bouncycastle-1.60-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:bouncycastle-javadoc-1.60-lp151.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-13098",
"url": "https://www.suse.com/security/cve/CVE-2017-13098"
},
{
"category": "external",
"summary": "SUSE Bug 1072697 for CVE-2017-13098",
"url": "https://bugzilla.suse.com/1072697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:bouncycastle-1.60-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:bouncycastle-javadoc-1.60-lp151.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.1:bouncycastle-1.60-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:bouncycastle-javadoc-1.60-lp151.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-05-03T16:19:33Z",
"details": "important"
}
],
"title": "CVE-2017-13098"
},
{
"cve": "CVE-2018-1000613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000613"
}
],
"notes": [
{
"category": "general",
"text": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:bouncycastle-1.60-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:bouncycastle-javadoc-1.60-lp151.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000613",
"url": "https://www.suse.com/security/cve/CVE-2018-1000613"
},
{
"category": "external",
"summary": "SUSE Bug 1096291 for CVE-2018-1000613",
"url": "https://bugzilla.suse.com/1096291"
},
{
"category": "external",
"summary": "SUSE Bug 1100694 for CVE-2018-1000613",
"url": "https://bugzilla.suse.com/1100694"
},
{
"category": "external",
"summary": "SUSE Bug 1153385 for CVE-2018-1000613",
"url": "https://bugzilla.suse.com/1153385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:bouncycastle-1.60-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:bouncycastle-javadoc-1.60-lp151.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:bouncycastle-1.60-lp151.3.3.1.noarch",
"openSUSE Leap 15.1:bouncycastle-javadoc-1.60-lp151.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-05-03T16:19:33Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000613"
}
]
}
OPENSUSE-SU-2024:10661-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64 | — |
Vendor Fix
|
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2016-1000338/ | self |
| https://www.suse.com/security/cve/CVE-2016-1000339/ | self |
| https://www.suse.com/security/cve/CVE-2016-1000340/ | self |
| https://www.suse.com/security/cve/CVE-2016-1000341/ | self |
| https://www.suse.com/security/cve/CVE-2016-1000342/ | self |
| https://www.suse.com/security/cve/CVE-2016-1000343/ | self |
| https://www.suse.com/security/cve/CVE-2016-1000344/ | self |
| https://www.suse.com/security/cve/CVE-2016-1000345/ | self |
| https://www.suse.com/security/cve/CVE-2016-1000346/ | self |
| https://www.suse.com/security/cve/CVE-2016-1000352/ | self |
| https://www.suse.com/security/cve/CVE-2017-13098/ | self |
| https://www.suse.com/security/cve/CVE-2018-1000180/ | self |
| https://www.suse.com/security/cve/CVE-2018-1000613/ | self |
| https://www.suse.com/security/cve/CVE-2019-17359/ | self |
| https://www.suse.com/security/cve/CVE-2020-15522/ | self |
| https://www.suse.com/security/cve/CVE-2020-28052/ | self |
| https://www.suse.com/security/cve/CVE-2016-1000338 | external |
| https://bugzilla.suse.com/1095722 | external |
| https://www.suse.com/security/cve/CVE-2016-1000339 | external |
| https://bugzilla.suse.com/1095853 | external |
| https://www.suse.com/security/cve/CVE-2016-1000340 | external |
| https://bugzilla.suse.com/1095854 | external |
| https://www.suse.com/security/cve/CVE-2016-1000341 | external |
| https://bugzilla.suse.com/1095852 | external |
| https://www.suse.com/security/cve/CVE-2016-1000342 | external |
| https://bugzilla.suse.com/1095850 | external |
| https://www.suse.com/security/cve/CVE-2016-1000343 | external |
| https://bugzilla.suse.com/1095849 | external |
| https://www.suse.com/security/cve/CVE-2016-1000344 | external |
| https://bugzilla.suse.com/1096026 | external |
| https://www.suse.com/security/cve/CVE-2016-1000345 | external |
| https://bugzilla.suse.com/1096025 | external |
| https://www.suse.com/security/cve/CVE-2016-1000346 | external |
| https://bugzilla.suse.com/1096024 | external |
| https://www.suse.com/security/cve/CVE-2016-1000352 | external |
| https://bugzilla.suse.com/1096022 | external |
| https://www.suse.com/security/cve/CVE-2017-13098 | external |
| https://bugzilla.suse.com/1072697 | external |
| https://www.suse.com/security/cve/CVE-2018-1000180 | external |
| https://bugzilla.suse.com/1096291 | external |
| https://bugzilla.suse.com/1153385 | external |
| https://www.suse.com/security/cve/CVE-2018-1000613 | external |
| https://bugzilla.suse.com/1096291 | external |
| https://bugzilla.suse.com/1100694 | external |
| https://bugzilla.suse.com/1153385 | external |
| https://www.suse.com/security/cve/CVE-2019-17359 | external |
| https://bugzilla.suse.com/1153385 | external |
| https://www.suse.com/security/cve/CVE-2020-15522 | external |
| https://bugzilla.suse.com/1186328 | external |
| https://www.suse.com/security/cve/CVE-2020-28052 | external |
| https://bugzilla.suse.com/1180215 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "bouncycastle-1.68-3.2 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the bouncycastle-1.68-3.2 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10661",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10661-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1000338 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1000338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1000339 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1000339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1000340 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1000340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1000341 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1000341/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1000342 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1000342/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1000343 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1000343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1000344 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1000344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1000345 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1000345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1000346 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1000346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-1000352 page",
"url": "https://www.suse.com/security/cve/CVE-2016-1000352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-13098 page",
"url": "https://www.suse.com/security/cve/CVE-2017-13098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000180 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000180/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000613 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17359 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17359/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15522 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15522/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-28052 page",
"url": "https://www.suse.com/security/cve/CVE-2020-28052/"
}
],
"title": "bouncycastle-1.68-3.2 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10661-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "bouncycastle-1.68-3.2.aarch64",
"product": {
"name": "bouncycastle-1.68-3.2.aarch64",
"product_id": "bouncycastle-1.68-3.2.aarch64"
}
},
{
"category": "product_version",
"name": "bouncycastle-javadoc-1.68-3.2.aarch64",
"product": {
"name": "bouncycastle-javadoc-1.68-3.2.aarch64",
"product_id": "bouncycastle-javadoc-1.68-3.2.aarch64"
}
},
{
"category": "product_version",
"name": "bouncycastle-mail-1.68-3.2.aarch64",
"product": {
"name": "bouncycastle-mail-1.68-3.2.aarch64",
"product_id": "bouncycastle-mail-1.68-3.2.aarch64"
}
},
{
"category": "product_version",
"name": "bouncycastle-pg-1.68-3.2.aarch64",
"product": {
"name": "bouncycastle-pg-1.68-3.2.aarch64",
"product_id": "bouncycastle-pg-1.68-3.2.aarch64"
}
},
{
"category": "product_version",
"name": "bouncycastle-pkix-1.68-3.2.aarch64",
"product": {
"name": "bouncycastle-pkix-1.68-3.2.aarch64",
"product_id": "bouncycastle-pkix-1.68-3.2.aarch64"
}
},
{
"category": "product_version",
"name": "bouncycastle-tls-1.68-3.2.aarch64",
"product": {
"name": "bouncycastle-tls-1.68-3.2.aarch64",
"product_id": "bouncycastle-tls-1.68-3.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "bouncycastle-1.68-3.2.ppc64le",
"product": {
"name": "bouncycastle-1.68-3.2.ppc64le",
"product_id": "bouncycastle-1.68-3.2.ppc64le"
}
},
{
"category": "product_version",
"name": "bouncycastle-javadoc-1.68-3.2.ppc64le",
"product": {
"name": "bouncycastle-javadoc-1.68-3.2.ppc64le",
"product_id": "bouncycastle-javadoc-1.68-3.2.ppc64le"
}
},
{
"category": "product_version",
"name": "bouncycastle-mail-1.68-3.2.ppc64le",
"product": {
"name": "bouncycastle-mail-1.68-3.2.ppc64le",
"product_id": "bouncycastle-mail-1.68-3.2.ppc64le"
}
},
{
"category": "product_version",
"name": "bouncycastle-pg-1.68-3.2.ppc64le",
"product": {
"name": "bouncycastle-pg-1.68-3.2.ppc64le",
"product_id": "bouncycastle-pg-1.68-3.2.ppc64le"
}
},
{
"category": "product_version",
"name": "bouncycastle-pkix-1.68-3.2.ppc64le",
"product": {
"name": "bouncycastle-pkix-1.68-3.2.ppc64le",
"product_id": "bouncycastle-pkix-1.68-3.2.ppc64le"
}
},
{
"category": "product_version",
"name": "bouncycastle-tls-1.68-3.2.ppc64le",
"product": {
"name": "bouncycastle-tls-1.68-3.2.ppc64le",
"product_id": "bouncycastle-tls-1.68-3.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "bouncycastle-1.68-3.2.s390x",
"product": {
"name": "bouncycastle-1.68-3.2.s390x",
"product_id": "bouncycastle-1.68-3.2.s390x"
}
},
{
"category": "product_version",
"name": "bouncycastle-javadoc-1.68-3.2.s390x",
"product": {
"name": "bouncycastle-javadoc-1.68-3.2.s390x",
"product_id": "bouncycastle-javadoc-1.68-3.2.s390x"
}
},
{
"category": "product_version",
"name": "bouncycastle-mail-1.68-3.2.s390x",
"product": {
"name": "bouncycastle-mail-1.68-3.2.s390x",
"product_id": "bouncycastle-mail-1.68-3.2.s390x"
}
},
{
"category": "product_version",
"name": "bouncycastle-pg-1.68-3.2.s390x",
"product": {
"name": "bouncycastle-pg-1.68-3.2.s390x",
"product_id": "bouncycastle-pg-1.68-3.2.s390x"
}
},
{
"category": "product_version",
"name": "bouncycastle-pkix-1.68-3.2.s390x",
"product": {
"name": "bouncycastle-pkix-1.68-3.2.s390x",
"product_id": "bouncycastle-pkix-1.68-3.2.s390x"
}
},
{
"category": "product_version",
"name": "bouncycastle-tls-1.68-3.2.s390x",
"product": {
"name": "bouncycastle-tls-1.68-3.2.s390x",
"product_id": "bouncycastle-tls-1.68-3.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "bouncycastle-1.68-3.2.x86_64",
"product": {
"name": "bouncycastle-1.68-3.2.x86_64",
"product_id": "bouncycastle-1.68-3.2.x86_64"
}
},
{
"category": "product_version",
"name": "bouncycastle-javadoc-1.68-3.2.x86_64",
"product": {
"name": "bouncycastle-javadoc-1.68-3.2.x86_64",
"product_id": "bouncycastle-javadoc-1.68-3.2.x86_64"
}
},
{
"category": "product_version",
"name": "bouncycastle-mail-1.68-3.2.x86_64",
"product": {
"name": "bouncycastle-mail-1.68-3.2.x86_64",
"product_id": "bouncycastle-mail-1.68-3.2.x86_64"
}
},
{
"category": "product_version",
"name": "bouncycastle-pg-1.68-3.2.x86_64",
"product": {
"name": "bouncycastle-pg-1.68-3.2.x86_64",
"product_id": "bouncycastle-pg-1.68-3.2.x86_64"
}
},
{
"category": "product_version",
"name": "bouncycastle-pkix-1.68-3.2.x86_64",
"product": {
"name": "bouncycastle-pkix-1.68-3.2.x86_64",
"product_id": "bouncycastle-pkix-1.68-3.2.x86_64"
}
},
{
"category": "product_version",
"name": "bouncycastle-tls-1.68-3.2.x86_64",
"product": {
"name": "bouncycastle-tls-1.68-3.2.x86_64",
"product_id": "bouncycastle-tls-1.68-3.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-1.68-3.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64"
},
"product_reference": "bouncycastle-1.68-3.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-1.68-3.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le"
},
"product_reference": "bouncycastle-1.68-3.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-1.68-3.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x"
},
"product_reference": "bouncycastle-1.68-3.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-1.68-3.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64"
},
"product_reference": "bouncycastle-1.68-3.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-javadoc-1.68-3.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64"
},
"product_reference": "bouncycastle-javadoc-1.68-3.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-javadoc-1.68-3.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le"
},
"product_reference": "bouncycastle-javadoc-1.68-3.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-javadoc-1.68-3.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x"
},
"product_reference": "bouncycastle-javadoc-1.68-3.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-javadoc-1.68-3.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64"
},
"product_reference": "bouncycastle-javadoc-1.68-3.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-mail-1.68-3.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64"
},
"product_reference": "bouncycastle-mail-1.68-3.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-mail-1.68-3.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le"
},
"product_reference": "bouncycastle-mail-1.68-3.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-mail-1.68-3.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x"
},
"product_reference": "bouncycastle-mail-1.68-3.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-mail-1.68-3.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64"
},
"product_reference": "bouncycastle-mail-1.68-3.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pg-1.68-3.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64"
},
"product_reference": "bouncycastle-pg-1.68-3.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pg-1.68-3.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le"
},
"product_reference": "bouncycastle-pg-1.68-3.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pg-1.68-3.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x"
},
"product_reference": "bouncycastle-pg-1.68-3.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pg-1.68-3.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64"
},
"product_reference": "bouncycastle-pg-1.68-3.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pkix-1.68-3.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64"
},
"product_reference": "bouncycastle-pkix-1.68-3.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pkix-1.68-3.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le"
},
"product_reference": "bouncycastle-pkix-1.68-3.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pkix-1.68-3.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x"
},
"product_reference": "bouncycastle-pkix-1.68-3.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-pkix-1.68-3.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64"
},
"product_reference": "bouncycastle-pkix-1.68-3.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-tls-1.68-3.2.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64"
},
"product_reference": "bouncycastle-tls-1.68-3.2.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-tls-1.68-3.2.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le"
},
"product_reference": "bouncycastle-tls-1.68-3.2.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-tls-1.68-3.2.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x"
},
"product_reference": "bouncycastle-tls-1.68-3.2.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "bouncycastle-tls-1.68-3.2.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
},
"product_reference": "bouncycastle-tls-1.68-3.2.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-1000338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1000338"
}
],
"notes": [
{
"category": "general",
"text": "In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of \u0027invisible\u0027 data into a signed structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1000338",
"url": "https://www.suse.com/security/cve/CVE-2016-1000338"
},
{
"category": "external",
"summary": "SUSE Bug 1095722 for CVE-2016-1000338",
"url": "https://bugzilla.suse.com/1095722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-1000338"
},
{
"cve": "CVE-2016-1000339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1000339"
}
],
"notes": [
{
"category": "general",
"text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1000339",
"url": "https://www.suse.com/security/cve/CVE-2016-1000339"
},
{
"category": "external",
"summary": "SUSE Bug 1095853 for CVE-2016-1000339",
"url": "https://bugzilla.suse.com/1095853"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-1000339"
},
{
"cve": "CVE-2016-1000340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1000340"
}
],
"notes": [
{
"category": "general",
"text": "In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1000340",
"url": "https://www.suse.com/security/cve/CVE-2016-1000340"
},
{
"category": "external",
"summary": "SUSE Bug 1095854 for CVE-2016-1000340",
"url": "https://bugzilla.suse.com/1095854"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-1000340"
},
{
"cve": "CVE-2016-1000341",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1000341"
}
],
"notes": [
{
"category": "general",
"text": "In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature\u0027s k value and ultimately the private value as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1000341",
"url": "https://www.suse.com/security/cve/CVE-2016-1000341"
},
{
"category": "external",
"summary": "SUSE Bug 1095852 for CVE-2016-1000341",
"url": "https://bugzilla.suse.com/1095852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-1000341"
},
{
"cve": "CVE-2016-1000342",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1000342"
}
],
"notes": [
{
"category": "general",
"text": "In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of \u0027invisible\u0027 data into a signed structure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1000342",
"url": "https://www.suse.com/security/cve/CVE-2016-1000342"
},
{
"category": "external",
"summary": "SUSE Bug 1095850 for CVE-2016-1000342",
"url": "https://bugzilla.suse.com/1095850"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-1000342"
},
{
"cve": "CVE-2016-1000343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1000343"
}
],
"notes": [
{
"category": "general",
"text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1000343",
"url": "https://www.suse.com/security/cve/CVE-2016-1000343"
},
{
"category": "external",
"summary": "SUSE Bug 1095849 for CVE-2016-1000343",
"url": "https://bugzilla.suse.com/1095849"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-1000343"
},
{
"cve": "CVE-2016-1000344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1000344"
}
],
"notes": [
{
"category": "general",
"text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1000344",
"url": "https://www.suse.com/security/cve/CVE-2016-1000344"
},
{
"category": "external",
"summary": "SUSE Bug 1096026 for CVE-2016-1000344",
"url": "https://bugzilla.suse.com/1096026"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-1000344"
},
{
"cve": "CVE-2016-1000345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1000345"
}
],
"notes": [
{
"category": "general",
"text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1000345",
"url": "https://www.suse.com/security/cve/CVE-2016-1000345"
},
{
"category": "external",
"summary": "SUSE Bug 1096025 for CVE-2016-1000345",
"url": "https://bugzilla.suse.com/1096025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-1000345"
},
{
"cve": "CVE-2016-1000346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1000346"
}
],
"notes": [
{
"category": "general",
"text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party\u0027s private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1000346",
"url": "https://www.suse.com/security/cve/CVE-2016-1000346"
},
{
"category": "external",
"summary": "SUSE Bug 1096024 for CVE-2016-1000346",
"url": "https://bugzilla.suse.com/1096024"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-1000346"
},
{
"cve": "CVE-2016-1000352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-1000352"
}
],
"notes": [
{
"category": "general",
"text": "In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-1000352",
"url": "https://www.suse.com/security/cve/CVE-2016-1000352"
},
{
"category": "external",
"summary": "SUSE Bug 1096022 for CVE-2016-1000352",
"url": "https://bugzilla.suse.com/1096022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-1000352"
},
{
"cve": "CVE-2017-13098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-13098"
}
],
"notes": [
{
"category": "general",
"text": "BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as \"ROBOT.\"",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-13098",
"url": "https://www.suse.com/security/cve/CVE-2017-13098"
},
{
"category": "external",
"summary": "SUSE Bug 1072697 for CVE-2017-13098",
"url": "https://bugzilla.suse.com/1072697"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-13098"
},
{
"cve": "CVE-2018-1000180",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000180"
}
],
"notes": [
{
"category": "general",
"text": "Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000180",
"url": "https://www.suse.com/security/cve/CVE-2018-1000180"
},
{
"category": "external",
"summary": "SUSE Bug 1096291 for CVE-2018-1000180",
"url": "https://bugzilla.suse.com/1096291"
},
{
"category": "external",
"summary": "SUSE Bug 1153385 for CVE-2018-1000180",
"url": "https://bugzilla.suse.com/1153385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000180"
},
{
"cve": "CVE-2018-1000613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000613"
}
],
"notes": [
{
"category": "general",
"text": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000613",
"url": "https://www.suse.com/security/cve/CVE-2018-1000613"
},
{
"category": "external",
"summary": "SUSE Bug 1096291 for CVE-2018-1000613",
"url": "https://bugzilla.suse.com/1096291"
},
{
"category": "external",
"summary": "SUSE Bug 1100694 for CVE-2018-1000613",
"url": "https://bugzilla.suse.com/1100694"
},
{
"category": "external",
"summary": "SUSE Bug 1153385 for CVE-2018-1000613",
"url": "https://bugzilla.suse.com/1153385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000613"
},
{
"cve": "CVE-2019-17359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17359"
}
],
"notes": [
{
"category": "general",
"text": "The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17359",
"url": "https://www.suse.com/security/cve/CVE-2019-17359"
},
{
"category": "external",
"summary": "SUSE Bug 1153385 for CVE-2019-17359",
"url": "https://bugzilla.suse.com/1153385"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-17359"
},
{
"cve": "CVE-2020-15522",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15522"
}
],
"notes": [
{
"category": "general",
"text": "Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15522",
"url": "https://www.suse.com/security/cve/CVE-2020-15522"
},
{
"category": "external",
"summary": "SUSE Bug 1186328 for CVE-2020-15522",
"url": "https://bugzilla.suse.com/1186328"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-15522"
},
{
"cve": "CVE-2020-28052",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-28052"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-28052",
"url": "https://www.suse.com/security/cve/CVE-2020-28052"
},
{
"category": "external",
"summary": "SUSE Bug 1180215 for CVE-2020-28052",
"url": "https://bugzilla.suse.com/1180215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-javadoc-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-mail-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pg-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-pkix-1.68-3.2.x86_64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.aarch64",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.ppc64le",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.s390x",
"openSUSE Tumbleweed:bouncycastle-tls-1.68-3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-28052"
}
]
}
ubuntu-cve-2018-1000613
Vulnerability from osv_ubuntu
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.
| URL | Type | |
|---|---|---|
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "libbcmail-java",
"binary_version": "1.59-1ubuntu0.1~esm1"
},
{
"binary_name": "libbcpg-java",
"binary_version": "1.59-1ubuntu0.1~esm1"
},
{
"binary_name": "libbcpkix-java",
"binary_version": "1.59-1ubuntu0.1~esm1"
},
{
"binary_name": "libbcprov-java",
"binary_version": "1.59-1ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "bouncycastle",
"purl": "pkg:deb/ubuntu/bouncycastle@1.59-1ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.57-1",
"1.58-1",
"1.59-1",
"1.59-1ubuntu0.1~esm1"
]
}
],
"aliases": [],
"details": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.",
"id": "UBUNTU-CVE-2018-1000613",
"modified": "2026-03-19T04:51:00Z",
"published": "2018-07-09T20:29:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2018-1000613"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000613"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2018-1000613"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.