CVSS: 9.8EPSS: 4%CPEs: 47EXPL: 0CVE-2018-1000613
https://notcve.org/view.php?id=CVE-2018-1000613
09 Jul 2018 — Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be pic... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 7.5EPSS: 0%CPEs: 31EXPL: 0CVE-2018-1000180 – bouncycastle: flaw in the low-level interface to RSA key pair generator
https://notcve.org/view.php?id=CVE-2018-1000180
05 Jun 2018 — Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 y anteriores tiene un vulnerabilidad en la interfaz de bajo nivel del generador de claves RSA; específicamente, los par... • http://www.securityfocus.com/bid/106567 • CWE-325: Missing Cryptographic Step CWE-327: Use of a Broken or Risky Cryptographic Algorithm •