Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HBouncycastle Bc Java
APPBouncycastle1.58 – 1.60 (bez)Netapp Oncommand Workflow Automation
APPNetappwszystkie wersjeOpensuse Leap
OSOpensuse15.1Oracle Api Gateway
APPOracle11.1.2.4.0Oracle Banking Platform
APPOracle2.6.02.6.12.6.2Oracle Business Process Management Suite
APPOracle11.1.1.9.012.1.3.0.012.2.1.3.0Oracle Business Transaction Management
APPOracle12.1.0Oracle Communications Application Session Controller
APPOracle3.7.13.8.0Oracle Communications Converged Application Server
APPOracle7.0.0.1< 7.0.0.1Oracle Communications Convergence
APPOracle3.0.2Oracle Communications Diameter Signaling Router
APPOracle8.0.08.18.28.2.1Oracle Communications Webrtc Session Controller
APPOracle7.2< 7.2Oracle Data Integrator
APPOracle12.2.1.3.0Oracle Enterprise Manager Base Platform
APPOracle12.1.0.5.013.2.0.013.3.0.0Oracle Enterprise Manager For Fusion Middleware
APPOracle13.2.0.013.3.0.0Oracle Enterprise Repository
APPOracle11.1.1.7.012.1.3.0.0Oracle Managed File Transfer
APPOracle12.1.3.0.012.2.1.3.0Oracle Peoplesoft Enterprise Peopletools
APPOracle8.558.568.57Oracle Retail Convenience And Fuel Pos Software
APPOracle2.8.1Oracle Retail Xstore Point Of Service
APPOracle7.07.1Oracle Soa Suite
APPOracle12.1.3.0.012.2.1.3.0Oracle Utilities Network Management System
APPOracle1.12.0.32.3.0.02.3.0.12.3.0.2Oracle Webcenter Portal
APPOracle11.1.1.9.012.2.1.3.0Oracle Weblogic Server
APPOracle12.2.1.3
Powiązane podatności
Pominięcie uwierzytelnienia w Oracle PeopleSoft PeopleTools (RCE/Takeover)
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionalit...
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) ...
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the...