pkg:maven/org.bouncycastle/bcprov-jdk15
Type
maven
Namespace
org.bouncycastle
Name
bcprov-jdk15
Known advisories, vulnerabilities and fixes for org.bouncycastle/bcprov-jdk15 package.
High
8
Moderate
7
Low
1
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 1.56 |
CVE-2016-1000344
|
MAVEN:GHSA-2J2X-HX4G-2GF4 | In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode | high |
2018-10-18T17:43:55
(6 years ago) |
|
Fixed | = 1.56 |
CVE-2016-1000344
|
MAVEN:GHSA-2J2X-HX4G-2GF4 | In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode | high |
2018-10-18T17:43:55
(6 years ago) |
|
Affected | < 1.51 |
CVE-2015-7940
|
MAVEN:GHSA-4MV7-CQ75-3QJM | Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | moderate |
2018-10-17T16:27:50
(6 years ago) |
|
Fixed | = 1.51 |
CVE-2015-7940
|
MAVEN:GHSA-4MV7-CQ75-3QJM | Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | moderate |
2018-10-17T16:27:50
(6 years ago) |
|
Affected | < 1.5.6 |
CVE-2016-1000338
|
MAVEN:GHSA-4VHJ-98R6-424H | In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate | high |
2018-10-17T16:23:26
(6 years ago) |
|
Fixed | = 1.5.6 |
CVE-2016-1000338
|
MAVEN:GHSA-4VHJ-98R6-424H | In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate | high |
2018-10-17T16:23:26
(6 years ago) |
|
Affected | < 1.66 |
CVE-2020-15522
|
MAVEN:GHSA-6XX3-RG99-GC3P | Timing based private key exposure in Bouncy Castle | moderate |
2021-08-13T15:22:31
(3 years ago) |
|
Fixed | = 1.66 |
CVE-2020-15522
|
MAVEN:GHSA-6XX3-RG99-GC3P | Timing based private key exposure in Bouncy Castle | moderate |
2021-08-13T15:22:31
(3 years ago) |
|
Affected | < 1.61 |
CVE-2020-26939
|
MAVEN:GHSA-72M5-FVVV-55M6 | Observable Differences in Behavior to Error Inputs in Bouncy Castle | moderate |
2021-04-22T16:16:49
(3 years ago) |
|
Fixed | = 1.61 |
CVE-2020-26939
|
MAVEN:GHSA-72M5-FVVV-55M6 | Observable Differences in Behavior to Error Inputs in Bouncy Castle | moderate |
2021-04-22T16:16:49
(3 years ago) |
|
Affected | >= 1.65, < 1.67 |
CVE-2020-28052
|
MAVEN:GHSA-73XV-W5GP-FRXH | Logic error in Legion of the Bouncy Castle BC Java | high |
2021-04-30T16:14:15
(3 years ago) |
|
Fixed | = 1.67 |
CVE-2020-28052
|
MAVEN:GHSA-73XV-W5GP-FRXH | Logic error in Legion of the Bouncy Castle BC Java | high |
2021-04-30T16:14:15
(3 years ago) |
|
Affected | < 1.56 |
CVE-2016-1000345
|
MAVEN:GHSA-9GP4-QRFF-C648 | Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | moderate |
2018-10-18T18:04:13
(6 years ago) |
|
Fixed | = 1.56 |
CVE-2016-1000345
|
MAVEN:GHSA-9GP4-QRFF-C648 | Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | moderate |
2018-10-18T18:04:13
(6 years ago) |
|
Affected | < 1.56 |
CVE-2016-1000339
|
MAVEN:GHSA-C8XF-M4FF-JCXJ | Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | moderate |
2018-10-17T16:23:38
(6 years ago) |
|
Fixed | = 1.56 |
CVE-2016-1000339
|
MAVEN:GHSA-C8XF-M4FF-JCXJ | Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | moderate |
2018-10-17T16:23:38
(6 years ago) |
|
Affected | < 1.56 |
CVE-2016-1000346
|
MAVEN:GHSA-FJQM-246C-MWQG | In Bouncy Castle JCE Provider the other party DH public key is not fully validated | low |
2018-10-17T16:27:28
(6 years ago) |
|
Fixed | = 1.56 |
CVE-2016-1000346
|
MAVEN:GHSA-FJQM-246C-MWQG | In Bouncy Castle JCE Provider the other party DH public key is not fully validated | low |
2018-10-17T16:27:28
(6 years ago) |
|
Affected | < 1.56 |
CVE-2016-1000342
|
MAVEN:GHSA-QCJ7-G2J5-G7R3 | In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification | high |
2018-10-17T16:24:12
(6 years ago) |
|
Fixed | = 1.56 |
CVE-2016-1000342
|
MAVEN:GHSA-QCJ7-G2J5-G7R3 | In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification | high |
2018-10-17T16:24:12
(6 years ago) |
|
Affected | >= 1.51, < 1.56 |
CVE-2016-1000340
|
MAVEN:GHSA-R97X-3G8F-GX3M | The Bouncy Castle JCE Provider carry a propagation bug | high |
2018-10-17T16:23:50
(6 years ago) |
|
Fixed | = 1.56 |
CVE-2016-1000340
|
MAVEN:GHSA-R97X-3G8F-GX3M | The Bouncy Castle JCE Provider carry a propagation bug | high |
2018-10-17T16:23:50
(6 years ago) |
|
Affected | < 1.56 |
CVE-2016-1000341
|
MAVEN:GHSA-R9CH-M4FH-FC7Q | Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | moderate |
2018-10-17T16:24:00
(6 years ago) |
|
Fixed | = 1.56 |
CVE-2016-1000341
|
MAVEN:GHSA-R9CH-M4FH-FC7Q | Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | moderate |
2018-10-17T16:24:00
(6 years ago) |
|
Affected | < 1.56 |
CVE-2016-1000343
|
MAVEN:GHSA-RRVX-PWF8-P59P | In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values | high |
2018-10-17T16:24:22
(6 years ago) |
|
Fixed | = 1.56 |
CVE-2016-1000343
|
MAVEN:GHSA-RRVX-PWF8-P59P | In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values | high |
2018-10-17T16:24:22
(6 years ago) |
|
Affected | < 1.56 |
CVE-2016-1000352
|
MAVEN:GHSA-W285-WF9Q-5W69 | In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode | high |
2018-10-17T16:27:38
(6 years ago) |
|
Fixed | = 1.56 |
CVE-2016-1000352
|
MAVEN:GHSA-W285-WF9Q-5W69 | In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode | high |
2018-10-17T16:27:38
(6 years ago) |
|
Affected | < 1.73 |
CVE-2023-33202
|
MAVEN:GHSA-WJXJ-5M7G-MG7Q | Bouncy Castle Denial of Service (DoS) | moderate |
2023-11-23T18:30:33
(9 months ago) |
|
Fixed | = 1.73 |
CVE-2023-33202
|
MAVEN:GHSA-WJXJ-5M7G-MG7Q | Bouncy Castle Denial of Service (DoS) | moderate |
2023-11-23T18:30:33
(9 months ago) |
|
Affected | < 1.60 |
CVE-2018-1000180
|
MAVEN:GHSA-XQJ7-J8J5-F2XR | Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator | high |
2018-10-16T17:44:39
(6 years ago) |
|
Fixed | = 1.60 |
CVE-2018-1000180
|
MAVEN:GHSA-XQJ7-J8J5-F2XR | Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator | high |
2018-10-16T17:44:39
(6 years ago) |