admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-06-04 17:03:58 -04:00
parent 34cae7d1b1
commit 7515e1cbc4
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
4 changed files with 232 additions and 224 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
2016/1000xxx/CVE-2016-1000344.json
View File

@ -1,60 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "dgh@bouncycastle.org",
"ID": "CVE-2016-1000344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Legion of the Bouncy Castle Inc.",
"product": {
"product_data": [
{
"product_name": "Bouncy Castle JCE Provider",
"version": {
"version_data": [
{
"version_value": "1.55 and before"
}
"CVE_data_meta" : {
"ASSIGNER" : "dgh@bouncycastle.org",
"ID" : "CVE-2016-1000344",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Bouncy Castle JCE Provider",
"version" : {
"version_data" : [
{
"version_value" : "1.55 and before"
}
]
}
}
]
}
}
]
}
}
},
"vendor_name" : "The Legion of the Bouncy Castle Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider."
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f",
"refsource" : "CONFIRM",
"url" : "https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f"
}
]
}
}

114
2016/1000xxx/CVE-2016-1000345.json
View File

@ -1,60 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "dgh@bouncycastle.org",
"ID": "CVE-2016-1000345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Legion of the Bouncy Castle Inc.",
"product": {
"product_data": [
{
"product_name": "Bouncy Castle JCE Provider",
"version": {
"version_data": [
{
"version_value": "1.55 and before"
}
"CVE_data_meta" : {
"ASSIGNER" : "dgh@bouncycastle.org",
"ID" : "CVE-2016-1000345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Bouncy Castle JCE Provider",
"version" : {
"version_data" : [
{
"version_value" : "1.55 and before"
}
]
}
}
]
}
}
]
}
}
},
"vendor_name" : "The Legion of the Bouncy Castle Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-514: Covert Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35#diff-4439ce586bf9a13bfec05c0d113b8098"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding."
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-514: Covert Channel"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35#diff-4439ce586bf9a13bfec05c0d113b8098",
"refsource" : "CONFIRM",
"url" : "https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35#diff-4439ce586bf9a13bfec05c0d113b8098"
}
]
}
}

114
2016/1000xxx/CVE-2016-1000346.json
View File

@ -1,60 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "dgh@bouncycastle.org",
"ID": "CVE-2016-1000346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Legion of the Bouncy Castle Inc.",
"product": {
"product_data": [
{
"product_name": "Bouncy Castle JCE Provider",
"version": {
"version_data": [
{
"version_value": "1.55 and before"
}
"CVE_data_meta" : {
"ASSIGNER" : "dgh@bouncycastle.org",
"ID" : "CVE-2016-1000346",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Bouncy Castle JCE Provider",
"version" : {
"version_data" : [
{
"version_value" : "1.55 and before"
}
]
}
}
]
}
}
]
}
}
},
"vendor_name" : "The Legion of the Bouncy Castle Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-320: Key Management Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495#diff-d525a20b8acaed791ae2f0f770eb5937"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation."
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-320: Key Management Errors"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495#diff-d525a20b8acaed791ae2f0f770eb5937",
"refsource" : "CONFIRM",
"url" : "https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495#diff-d525a20b8acaed791ae2f0f770eb5937"
}
]
}
}

114
2016/1000xxx/CVE-2016-1000352.json
View File

@ -1,60 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "dgh@bouncycastle.org",
"ID": "CVE-2016-1000352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "The Legion of the Bouncy Castle Inc.",
"product": {
"product_data": [
{
"product_name": "Bouncy Castle JCE Provider",
"version": {
"version_data": [
{
"version_value": "1.55 and before"
}
"CVE_data_meta" : {
"ASSIGNER" : "dgh@bouncycastle.org",
"ID" : "CVE-2016-1000352",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Bouncy Castle JCE Provider",
"version" : {
"version_data" : [
{
"version_value" : "1.55 and before"
}
]
}
}
]
}
}
]
}
}
},
"vendor_name" : "The Legion of the Bouncy Castle Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider."
}
]
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-327: Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f",
"refsource" : "CONFIRM",
"url" : "https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f"
}
]
}
}