Package impact

Maven / org.bouncycastle:bcprov-jdk14

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2020-28052	high	—	8.0	5y ago	Logic error in Legion of the Bouncy Castle BC Java
CVE-2026-5598	unknown	—	—	1mo ago	Bouncy Castle Has Covert Timing Channel Vulnerability
CVE-2026-0636	unknown	—	—	1mo ago	Bouncy Castle has an LDAP injection
CVE-2025-8885	unknown	—	—	10mo ago	Bouncy Castle for Java on All (API modules) allows Excessive Allocation
CVE-2024-30172	unknown	—	—	2y ago	Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
CVE-2024-30171	unknown	—	—	2y ago	Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
CVE-2024-29857	unknown	—	—	2y ago	Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
CVE-2024-34447	unknown	—	—	2y ago	Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
CVE-2023-33202	unknown	—	—	3y ago	Bouncy Castle Denial of Service (DoS)
CVE-2023-33201	unknown	—	—	3y ago	Bouncy Castle For Java LDAP injection vulnerability
CVE-2020-15522	unknown	—	—	5y ago	Timing based private key exposure in Bouncy Castle
CVE-2020-26939	unknown	—	—	5y ago	Observable Differences in Behavior to Error Inputs in Bouncy Castle
CVE-2019-17359	unknown	—	—	7y ago	Out-of-Memory Error in Bouncy Castle Crypto
CVE-2016-1000345	unknown	—	—	8y ago	Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
CVE-2016-1000344	unknown	—	—	8y ago	In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode
CVE-2016-1000352	unknown	—	—	8y ago	In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode
CVE-2016-1000346	unknown	—	—	8y ago	In Bouncy Castle JCE Provider the other party DH public key is not fully validated
CVE-2016-1000343	unknown	—	—	8y ago	In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values
CVE-2016-1000342	unknown	—	—	8y ago	In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification
CVE-2016-1000341	unknown	—	—	8y ago	Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
CVE-2016-1000340	unknown	—	—	8y ago	The Bouncy Castle JCE Provider carry a propagation bug
CVE-2016-1000339	unknown	—	—	8y ago	Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
CVE-2016-1000338	unknown	—	—	8y ago	In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
CVE-2018-1000180	unknown	—	—	8y ago	Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator