Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bouncycastle legion-of-the-bouncy-castle vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2016-2427
The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for malicious users to defeat a cryptographic protection mechanism and discover an authentication key via a crafted applicati...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.54
Google Android 5.1.0
Google Android 6.0.1
Google Android 6.0
Google Android 5.0.1
Google Android 5.0
Google Android 5.1
5.3
CVSSv3
CVE-2020-26939
In Legion of the Bouncy Castle BC prior to 1.61 and BC-FJA prior to 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending i...
Bouncycastle Legion-of-the-bouncy-castle-fips-java-api
Bouncycastle Legion-of-the-bouncy-castle
1 Github repository
4.4
CVSSv3
CVE-2018-5382
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an malicious user to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore gener...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api
Redhat Satellite 6.4
Redhat Satellite Capsule 6.4
3.7
CVSSv3
CVE-2016-1000346
In the Bouncy Castle JCE Provider version 1.55 and previous versions the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of rel...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api
Debian Debian Linux 8.0
NA
CVE-2013-1624
The TLS implementation in the Bouncy Castle Java library prior to 1.48 and C# library prior to 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote malicious users to c...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.12
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.11
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.20
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.17
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.04
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.03
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.08
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.07
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.06
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.16
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.13
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.23
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.24
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.32
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.31
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.43
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.44
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.02
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.01
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.05
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.19
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.14
NA
CVE-2007-6721
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package prior to 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.31
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.30
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.29
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.22
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.21
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.14
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.13
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.05
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.04
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.33
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.32
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.23
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.24
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.16
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.15
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.08
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.07
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.06
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.36
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.28
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.27
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.20
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
firmware
CVE-2023-52866
CVE-2024-4367
CVE-2024-1721
CVE-2023-34992
XML injection
CVE-2023-52817
SQL
CVE-2023-52855
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2