pkg:maven/org.bouncycastle/bcprov-jdk14
Type
maven
Namespace
org.bouncycastle
Name
bcprov-jdk14
Known advisories, vulnerabilities and fixes for org.bouncycastle/bcprov-jdk14 package.
High
9
Moderate
11
Low
2
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | < 1.56 |
CVE-2016-1000344
|
 MAVEN:GHSA-2J2X-HX4G-2GF4
|
In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode | high |
2018-10-18T17:43:55
(5 years ago) |
|
| Fixed | = 1.56 |
CVE-2016-1000344
|
MAVEN:GHSA-2J2X-HX4G-2GF4
|
In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode | high |
2018-10-18T17:43:55
(5 years ago) |
|
| Affected | = 1.63 |
CVE-2019-17359
|
MAVEN:GHSA-2MH8-GX2M-MR75
|
Out-of-Memory Error in Bouncy Castle Crypto | high |
2019-10-17T18:15:16
(4 years ago) |
|
| Fixed | = 1.64 |
CVE-2019-17359
|
MAVEN:GHSA-2MH8-GX2M-MR75
|
Out-of-Memory Error in Bouncy Castle Crypto | high |
2019-10-17T18:15:16
(4 years ago) |
|
| Affected | < 1.78 |
CVE-2024-34447
|
MAVEN:GHSA-4H8F-2WVX-GG5W
|
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning | low |
2024-05-03T18:30:37
(4 months ago) |
|
| Fixed | = 1.78 |
CVE-2024-34447
|
MAVEN:GHSA-4H8F-2WVX-GG5W
|
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning | low |
2024-05-03T18:30:37
(4 months ago) |
|
| Affected | < 1.51 |
CVE-2015-7940
|
MAVEN:GHSA-4MV7-CQ75-3QJM
|
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | moderate |
2018-10-17T16:27:50
(5 years ago) |
|
| Fixed | = 1.51 |
CVE-2015-7940
|
MAVEN:GHSA-4MV7-CQ75-3QJM
|
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | moderate |
2018-10-17T16:27:50
(5 years ago) |
|
| Affected | < 1.56 |
CVE-2016-1000338
|
MAVEN:GHSA-4VHJ-98R6-424H
|
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate | high |
2018-10-17T16:23:26
(5 years ago) |
|
| Fixed | = 1.56 |
CVE-2016-1000338
|
MAVEN:GHSA-4VHJ-98R6-424H
|
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate | high |
2018-10-17T16:23:26
(5 years ago) |
|
| Affected | < 1.66 |
CVE-2020-15522
|
MAVEN:GHSA-6XX3-RG99-GC3P
|
Timing based private key exposure in Bouncy Castle | moderate |
2021-08-13T15:22:31
(3 years ago) |
|
| Fixed | = 1.66 |
CVE-2020-15522
|
MAVEN:GHSA-6XX3-RG99-GC3P
|
Timing based private key exposure in Bouncy Castle | moderate |
2021-08-13T15:22:31
(3 years ago) |
|
| Affected | < 1.61 |
CVE-2020-26939
|
MAVEN:GHSA-72M5-FVVV-55M6
|
Observable Differences in Behavior to Error Inputs in Bouncy Castle | moderate |
2021-04-22T16:16:49
(3 years ago) |
|
| Fixed | = 1.61 |
CVE-2020-26939
|
MAVEN:GHSA-72M5-FVVV-55M6
|
Observable Differences in Behavior to Error Inputs in Bouncy Castle | moderate |
2021-04-22T16:16:49
(3 years ago) |
|
| Affected | >= 1.65, < 1.67 |
CVE-2020-28052
|
MAVEN:GHSA-73XV-W5GP-FRXH
|
Logic error in Legion of the Bouncy Castle BC Java | high |
2021-04-30T16:14:15
(3 years ago) |
|
| Fixed | = 1.67 |
CVE-2020-28052
|
MAVEN:GHSA-73XV-W5GP-FRXH
|
Logic error in Legion of the Bouncy Castle BC Java | high |
2021-04-30T16:14:15
(3 years ago) |
|
| Affected | < 1.78 |
CVE-2024-29857
|
MAVEN:GHSA-8XFC-GM6G-VGPV
|
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. | moderate |
2024-05-14T15:32:54
(3 months ago) |
|
| Fixed | = 1.78 |
CVE-2024-29857
|
MAVEN:GHSA-8XFC-GM6G-VGPV
|
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation. | moderate |
2024-05-14T15:32:54
(3 months ago) |
|
| Affected | < 1.56 |
CVE-2016-1000345
|
MAVEN:GHSA-9GP4-QRFF-C648
|
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | moderate |
2018-10-18T18:04:13
(5 years ago) |
|
| Fixed | = 1.56 |
CVE-2016-1000345
|
MAVEN:GHSA-9GP4-QRFF-C648
|
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | moderate |
2018-10-18T18:04:13
(5 years ago) |
|
| Affected | < 1.56 |
CVE-2016-1000339
|
MAVEN:GHSA-C8XF-M4FF-JCXJ
|
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | moderate |
2018-10-17T16:23:38
(5 years ago) |
|
| Fixed | = 1.56 |
CVE-2016-1000339
|
MAVEN:GHSA-C8XF-M4FF-JCXJ
|
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | moderate |
2018-10-17T16:23:38
(5 years ago) |
|
| Affected | < 1.56 |
CVE-2016-1000346
|
MAVEN:GHSA-FJQM-246C-MWQG
|
In Bouncy Castle JCE Provider the other party DH public key is not fully validated | low |
2018-10-17T16:27:28
(5 years ago) |
|
| Fixed | = 1.56 |
CVE-2016-1000346
|
MAVEN:GHSA-FJQM-246C-MWQG
|
In Bouncy Castle JCE Provider the other party DH public key is not fully validated | low |
2018-10-17T16:27:28
(5 years ago) |
|
| Affected | >= 1.49, < 1.74 |
CVE-2023-33201
|
MAVEN:GHSA-HR8G-6V94-X4M9
|
Bouncy Castle For Java LDAP injection vulnerability | moderate |
2023-07-05T03:30:23
(14 months ago) |
|
| Fixed | = 1.74 |
CVE-2023-33201
|
MAVEN:GHSA-HR8G-6V94-X4M9
|
Bouncy Castle For Java LDAP injection vulnerability | moderate |
2023-07-05T03:30:23
(14 months ago) |
|
| Affected | < 1.78 |
CVE-2024-30172
|
MAVEN:GHSA-M44J-CFRM-G8QC
|
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop | moderate |
2024-05-14T15:32:54
(3 months ago) |
|
| Fixed | = 1.78 |
CVE-2024-30172
|
MAVEN:GHSA-M44J-CFRM-G8QC
|
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop | moderate |
2024-05-14T15:32:54
(3 months ago) |
|
| Affected | < 1.56 |
CVE-2016-1000342
|
MAVEN:GHSA-QCJ7-G2J5-G7R3
|
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification | high |
2018-10-17T16:24:12
(5 years ago) |
|
| Fixed | = 1.56 |
CVE-2016-1000342
|
MAVEN:GHSA-QCJ7-G2J5-G7R3
|
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification | high |
2018-10-17T16:24:12
(5 years ago) |
|
| Affected | >= 1.51, < 1.56 |
CVE-2016-1000340
|
MAVEN:GHSA-R97X-3G8F-GX3M
|
The Bouncy Castle JCE Provider carry a propagation bug | high |
2018-10-17T16:23:50
(5 years ago) |
|
| Fixed | = 1.56 |
CVE-2016-1000340
|
MAVEN:GHSA-R97X-3G8F-GX3M
|
The Bouncy Castle JCE Provider carry a propagation bug | high |
2018-10-17T16:23:50
(5 years ago) |
|
| Affected | < 1.56 |
CVE-2016-1000341
|
MAVEN:GHSA-R9CH-M4FH-FC7Q
|
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | moderate |
2018-10-17T16:24:00
(5 years ago) |
|
| Fixed | = 1.56 |
CVE-2016-1000341
|
MAVEN:GHSA-R9CH-M4FH-FC7Q
|
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | moderate |
2018-10-17T16:24:00
(5 years ago) |
|
| Affected | < 1.56 |
CVE-2016-1000343
|
MAVEN:GHSA-RRVX-PWF8-P59P
|
In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values | high |
2018-10-17T16:24:22
(5 years ago) |
|
| Fixed | = 1.56 |
CVE-2016-1000343
|
MAVEN:GHSA-RRVX-PWF8-P59P
|
In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values | high |
2018-10-17T16:24:22
(5 years ago) |
|
| Affected | < 1.78 |
CVE-2024-30171
|
MAVEN:GHSA-V435-XC8X-WVR9
|
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") | moderate |
2024-05-14T15:32:54
(3 months ago) |
|
| Fixed | = 1.78 |
CVE-2024-30171
|
MAVEN:GHSA-V435-XC8X-WVR9
|
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack") | moderate |
2024-05-14T15:32:54
(3 months ago) |
|
| Affected | < 1.56 |
CVE-2016-1000352
|
MAVEN:GHSA-W285-WF9Q-5W69
|
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode | high |
2018-10-17T16:27:38
(5 years ago) |
|
| Fixed | = 1.56 |
CVE-2016-1000352
|
MAVEN:GHSA-W285-WF9Q-5W69
|
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode | high |
2018-10-17T16:27:38
(5 years ago) |
|
| Affected | < 1.73 |
CVE-2023-33202
|
MAVEN:GHSA-WJXJ-5M7G-MG7Q
|
Bouncy Castle Denial of Service (DoS) | moderate |
2023-11-23T18:30:33
(9 months ago) |
|
| Fixed | = 1.73 |
CVE-2023-33202
|
MAVEN:GHSA-WJXJ-5M7G-MG7Q
|
Bouncy Castle Denial of Service (DoS) | moderate |
2023-11-23T18:30:33
(9 months ago) |
|
| Affected | < 1.60 |
CVE-2018-1000180
|
MAVEN:GHSA-XQJ7-J8J5-F2XR
|
Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator | high |
2018-10-16T17:44:39
(5 years ago) |
|
| Fixed | = 1.60 |
CVE-2018-1000180
|
MAVEN:GHSA-XQJ7-J8J5-F2XR
|
Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator | high |
2018-10-16T17:44:39
(5 years ago) |