rpm package
suse/bouncycastle&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2
pkg:rpm/suse/bouncycastle&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-30171 | Med | 5.9 | < 1.78.1-150200.3.29.1 | 1.78.1-150200.3.29.1 | May 14, 2024 | An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing. | |
| CVE-2023-48795 | Med | 5.9 | < 1.77-150200.3.24.1 | 1.77-150200.3.24.1 | Dec 18, 2023 | The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end | |
| CVE-2023-33201 | — | < 1.74-150200.3.21.1 | 1.74-150200.3.21.1 | Jul 5, 2023 | Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certif |
- affected < 1.78.1-150200.3.29.1fixed 1.78.1-150200.3.29.1
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
- affected < 1.77-150200.3.24.1fixed 1.77-150200.3.24.1
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end
- CVE-2023-33201Jul 5, 2023affected < 1.74-150200.3.21.1fixed 1.74-150200.3.21.1
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certif