Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bouncycastle vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-0379
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check
Sap Process Integration 2.0
Sap Process Integration 1.0
2 Articles
5
CVSSv2
CVE-2019-17359
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.63
Apache Tomee 7.0.7
Apache Tomee 7.1.2
Apache Tomee 8.0.1
Netapp Oncommand Workflow Automation -
Netapp Service Level Manager -
Netapp Oncommand Api Services -
Netapp Active Iq Unified Manager
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Hospitality Guest Access 4.2.0
Oracle Weblogic Server 12.2.1.3.0
Oracle Webcenter Portal 12.2.1.3.0
Oracle Webcenter Portal 11.1.1.9.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Soa Suite 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Managed File Transfer 12.2.1.3.0
Oracle Retail Xstore Point Of Service 18.0.1
Oracle Weblogic Server 12.2.1.4.0
Oracle Peoplesoft Enterprise Peopletools 8.58
7.5
CVSSv2
CVE-2018-1000613
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserializat...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api
Netapp Oncommand Workflow Automation -
Opensuse Leap 15.1
Oracle Retail Xstore Point Of Service 7.1
Oracle Api Gateway 11.1.2.4.0
Oracle Enterprise Repository 12.1.3.0.0
Oracle Retail Xstore Point Of Service 7.0
Oracle Enterprise Repository 11.1.1.7.0
Oracle Peoplesoft Enterprise Peopletools 8.55
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Communications Webrtc Session Controller 7.2
Oracle Webcenter Portal 12.2.1.3.0
Oracle Webcenter Portal 11.1.1.9.0
Oracle Weblogic Server 12.2.1.3
Oracle Business Process Management Suite 12.1.3.0.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Business Process Management Suite 11.1.1.9.0
Oracle Soa Suite 12.1.3.0.0
Oracle Soa Suite 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Managed File Transfer 12.2.1.3.0
Oracle Communications Converged Application Server
1 Github repository
5
CVSSv2
CVE-2018-1000180
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and previous versions have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fi...
Bouncycastle Fips Java Api
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api
Debian Debian Linux 9.0
Oracle Retail Xstore Point Of Service 7.1
Oracle Api Gateway 11.1.2.4.0
Oracle Weblogic Server 12.1.3.0.0
Oracle Enterprise Repository 12.1.3.0.0
Oracle Retail Xstore Point Of Service 7.0
Oracle Peoplesoft Enterprise Peopletools 8.55
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Webcenter Portal 12.2.1.3.0
Oracle Webcenter Portal 11.1.1.9.0
Oracle Business Process Management Suite 12.1.3.0.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Business Process Management Suite 11.1.1.9.0
Oracle Soa Suite 12.1.3.0.0
Oracle Soa Suite 12.2.1.3.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Managed File Transfer 12.2.1.3.0
Oracle Communications Converged Application Server
Oracle Communications Webrtc Session Controller
Oracle Retail Convenience And Fuel Pos Software 2.8.1
1 Github repository
5.8
CVSSv2
CVE-2016-1000344
In the Bouncy Castle JCE Provider version 1.55 and previous versions the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api
5.8
CVSSv2
CVE-2016-1000352
In the Bouncy Castle JCE Provider version 1.55 and previous versions the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api
4.3
CVSSv2
CVE-2016-1000345
In the Bouncy Castle JCE Provider version 1.55 and previous versions the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryptio...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2016-1000346
In the Bouncy Castle JCE Provider version 1.55 and previous versions the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of rel...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api
Debian Debian Linux 8.0
5
CVSSv2
CVE-2016-1000338
In Bouncy Castle JCE Provider version 1.55 and previous versions the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow ...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api
3.6
CVSSv2
CVE-2018-5382
The default BKS keystore use an HMAC that is only 16 bits long, which can allow an malicious user to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore gener...
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api
Redhat Satellite 6.4
Redhat Satellite Capsule 6.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »