FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
fe93803c-883f-11e8-9f0c-001b216d295bSeveral Security Defects in the Bouncy Castle Crypto APIs

The Legion of the Bouncy Castle reports:

Release 1.60 is now available for download.

CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API.

CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information.


Discovery 2018-06-30
Entry 2018-07-15
bouncycastle
< 1.60

bouncycastle15
< 1.60

puppetserver
ge 0

puppetserver5
< 5.3.8

puppetserver6
< 6.2.1

CVE-2018-1000180
CVE-2018-1000613
https://www.bouncycastle.org/latest_releases.html
89d5bca6-0150-11ec-bf0c-080027eedc6aThe Bouncy Castle Crypto APIs -- EC math vulnerability

The Bouncy Castle team reports::

Bouncy Castle BC Java before 1.66 has a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.


Discovery 2020-07-04
Entry 2021-08-20
bouncycastle15
< 1.66

bouncycastle
< 1.66

CVE-2020-15522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15522