Vulnerabilities > Oracle > Business Transaction Management

DATE CVE VULNERABILITY TITLE RISK
2018-07-09 CVE-2018-1000613 Unsafe Reflection vulnerability in multiple products
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code.
network
low complexity
bouncycastle netapp opensuse oracle CWE-470
critical
9.8
2018-06-05 CVE-2018-1000180 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected.
network
low complexity
bouncycastle debian oracle netapp redhat CWE-327
7.5