Количество 9
Количество 9
CVE-2018-1000613
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.
CVE-2018-1000613
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.
CVE-2018-1000613
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.
CVE-2018-1000613
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptogra ...
openSUSE-SU-2018:2180-1
Security update for bouncycastle
GHSA-4446-656p-f54g
Deserialization of Untrusted Data in Bouncy castle
BDU:2019-01880
Уязвимость средства криптографической защиты Bouncy Castle, связанная с восстановлением в памяти недостоверной структуры данных, позволяющая нарушителю выполнить произвольный код
openSUSE-SU-2020:0607-1
Security update for bouncycastle
openSUSE-SU-2018:2131-1
Security update for bouncycastle
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2018-1000613 Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later. | CVSS3: 9.8 | 4% Низкий | больше 7 лет назад |
 | CVE-2018-1000613 Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later. | CVSS3: 4.9 | 4% Низкий | почти 8 лет назад |
 | CVE-2018-1000613 Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later. | CVSS3: 9.8 | 4% Низкий | больше 7 лет назад |
| CVE-2018-1000613 Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptogra ... | CVSS3: 9.8 | 4% Низкий | больше 7 лет назад |
 | openSUSE-SU-2018:2180-1 Security update for bouncycastle | 4% Низкий | больше 7 лет назад | |
| GHSA-4446-656p-f54g Deserialization of Untrusted Data in Bouncy castle | CVSS3: 9.8 | 4% Низкий | больше 7 лет назад |
 | BDU:2019-01880 Уязвимость средства криптографической защиты Bouncy Castle, связанная с восстановлением в памяти недостоверной структуры данных, позволяющая нарушителю выполнить произвольный код | CVSS3: 9.8 | 4% Низкий | больше 7 лет назад |
| openSUSE-SU-2020:0607-1 Security update for bouncycastle | почти 6 лет назад | ||
| openSUSE-SU-2018:2131-1 Security update for bouncycastle | больше 7 лет назад |
Уязвимостей на страницу