Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Satellite_capsule
(Redhat)| Repositories |
• https://github.com/bcgit/bc-java
• https://github.com/dom4j/dom4j |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-04-16 | CVE-2018-5382 | The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons a specific keystore type "BKS-V1" was introduced in 1.49. It should be noted that the use of "BKS-V1" is discouraged by the... | Bc\-Java, Satellite, Satellite_capsule | 4.4 | ||
| 2018-06-01 | CVE-2016-1000338 | In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. | Legion\-Of\-The\-Bouncy\-Castle\-Java\-Crytography\-Api, Ubuntu_linux, 7\-Mode_transition_tool, Satellite, Satellite_capsule | 7.5 |