18 matches found
com.github.cafaudit:caf-audit-binding-elasticsearch (>=5.0.3-1321 <=5.0.4-1329), com.github.cafaudit:caf-audit-monkey-container (>=5.0.3-1321 <=5.0.4-1329) +176 more potentially affected by CVE-2026-8149 via org.bouncycastle:bc-fips (>=2.1.0 <=2.1.2)
org.bouncycastle:bc-fips MAVEN version =2.1.0, =5.0.3-1321, =5.0.3-1321, =5.0.3-1321, =5.0.3-1321, =3.1.2-822, =3.1.2-822, =3.1.2-822, =3.1.2-822, =3.1.3-828 - com.itextpdf:bouncy-castle-fips-adapter =9.6.0 - com.sap.cloud.ans:clm-sl-alert-notification-client =1.13.0 - io.nats.nkeys:fips-jdk17...
com.github.cafaudit:caf-audit-binding-elasticsearch (>=5.0.3-1321 <=5.0.4-1329), com.github.cafaudit:caf-audit-monkey-container (>=5.0.3-1321 <=5.0.4-1329) +80 more potentially affected by CVE-2026-8149 via org.bouncycastle:bc-fips (>=2.1.0 <=2.1.1)
org.bouncycastle:bc-fips MAVEN version =2.1.0, =5.0.3-1321, =5.0.3-1321, =5.0.3-1321, =5.0.3-1321, =3.1.2-822, =3.1.2-822, =3.1.2-822, =3.1.2-822, =4.10.0, =4.10.0, =4.10.0, =4.10.0, =4.10.0, =4.10.2 and more Source cves: CVE-2026-8149 Source advisory:...
CVE-2026-8149
A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X8664, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-LTS: from 2.73.0 through 2.73.10...
CVE-2026-5588 PKIX draft CompositeVerifier accepts empty signature sequence as valid.
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all pkix modules, Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All pkix modules, Legion of the Bouncy Castle Inc. BCPIX-LTS bcpkix on All pkix modules. This vulnerability...
SUSE CVE-2025-12194
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All API modules, Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All API modules allows Excessive Allocation. This vulnerability is associated wi...
com.itextpdf:bouncy-castle-fips-adapter (=9.6.0), org.openidentityplatform.opendj:opendj-cli (=4.10.2) +70 more potentially affected by CVE-2025-12194 via org.bouncycastle:bc-fips (=2.1.1)
org.bouncycastle:bc-fips MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bc-fips and may be impacted: - com.itextpdf:bouncy-castle-fips-adapter =9.6.0 - org.openidentityplatform.opendj:opendj-cli =4.10.2 -...
Linux Distros Unpatched Vulnerability : CVE-2025-9092
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 bc-fips API modules allows Excessive...
CVE-2025-9340 native encrypt/decrypt operations in JCE may corrupt data if same byte array used for input and output.
Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bc-fips on All API modules. This vulnerability is associated with program files org/bouncycastle/jcajce/provider/BaseCipher. This issue affects Bouncy Castle for Java: from BC-FJA 2.1.0 through 2.1.0...
CVE-2025-9340
CVE-2025-9340 is an Out-of-bounds Write vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java—BC-FJA 2.1.0 (API modules), affecting the file org/bouncycastle/jcajce/provider/BaseCipher. IBM security bulletins confirm this issue alongside CVE-2025-9341 and tie the impact to BC-F...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via org.Bouncycastle.Crypto.Fips.NativeLoader. An attacker can cause excessive resource allocation by deploying hybrid modules in multi-JVM environments, potentially leading to resour...
com.ascentstream.pulsar:bcfips-include-test (>=2.10.6.9 <=3.0.8.0-SNAPSHOT-16a7bcc), com.ascentstream.pulsar:bouncy-castle-bcfips (>=2.10.6.9 <=3.0.14.1) +20 more potentially affected by CVE-2025-8916 via org.bouncycastle:bcpkix-fips (>=1.0.1 <=1.0.7)
org.bouncycastle:bcpkix-fips MAVEN version =1.0.1, =2.10.6.9, =2.10.6.9, =2.1.2, =8.0.0, =1.2.0, =1.17.0, =1.17.0, =1.0.0, =1.0.0, =3.0.0-FINAL, =3.0.0-FINAL, =1.0.0, =1.0.1 - io.skuber:skuber-examples2.12 =2.6.3 - io.skuber:skuber-examples2.13 =2.6.3 and more Source cves: CVE-2025-8916 Source...
com.ascentstream.pulsar:bcfips-include-test (>=3.0.7.0-SNAPSHOT-a030c50 <=3.0.8.0-SNAPSHOT-16a7bcc), com.ascentstream.pulsar:bouncy-castle-bcfips (>=3.0.7.0-SNAPSHOT-a030c50 <=4.0.11.0) +13 more potentially affected by CVE-2025-8916 via org.bouncycastle:bcpkix-fips (>=1.0.5 <=2.0.11)
org.bouncycastle:bcpkix-fips MAVEN version =1.0.5, =3.0.7.0-SNAPSHOT-a030c50, =3.0.7.0-SNAPSHOT-a030c50, =2.1.2, =8.0.0, =1.2.0, =1.17.0, =1.17.0, =3.1.0, =3.0.0.1, =3.0.0.1, =3.13.14, =3.0.0, =1.0.4, =1.0.0, =19.0.0, =25.0.6 Source cves: CVE-2025-8916 Source advisory:...
com.itextpdf:bouncy-castle-fips-adapter (>=9.0.0 <=9.5.0), org.apache.camel.springboot:camel-opensearch-starter (=4.12.0) +13 more potentially affected by CVE-2025-8885 via org.bouncycastle:bc-fips (=2.0.0)
org.bouncycastle:bc-fips MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bc-fips and may be impacted: - com.itextpdf:bouncy-castle-fips-adapter =9.0.0, =3.22.0, =26.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0,...
DEBIAN-CVE-2025-8885
Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All API modules, Legion of the Bouncy Castle Inc. BC-FJA bc-fips on All allows Excessive Allocation. This vulnerability is associated with program files...
UBUNTU-CVE-2025-8885
Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All API modules, Legion of the Bouncy Castle Inc. BC-FJA bc-fips on All allows Excessive Allocation. This vulnerability is associated with program files...
com.ascentstream.pulsar:bouncy-castle-bcfips (>=3.0.16.0 <=4.0.11.0), com.ascentstream.pulsar:pulsar-package-bookkeeper-storage (>=3.0.18.0 <=4.0.11.0) +26 more potentially affected by CVE-2025-8885 via org.bouncycastle:bc-fips (>=2.0.0 <=2.0.1)
org.bouncycastle:bc-fips MAVEN version =2.0.0, =3.0.16.0, =3.0.18.0, =9.0.0, =4.0.7.1, =4.0.7.1, =3.0.15, =3.0.17, =2.0.9, =2.0.7, =2.0.19, =2.0.23 and more Source cves: CVE-2025-8885 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-11785881...
co.elastic.apm:apm-agent-attach-cli (>=1.26.0 <=1.49.0), com.adobe.documentservices:pdfservices-sdk (>=2.2.2 <=3.5.0) +105 more potentially affected by CVE-2022-45146 via org.bouncycastle:bc-fips (>=1.0.1 <=1.0.2.3)
org.bouncycastle:bc-fips MAVEN version =1.0.1, =1.26.0, =2.2.2, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =3.0.34.RELEASE, =8.0.0, =16.1.0, =1.2.0, =3.1.23, =3.0.0-FINAL, =3.0.0-FINAL, =0.6.0, =0.7.0 - io.github.embedded-middleware:embedded-bookkeeper-core =0.0.1 and more Source cves:...
com.ascentstream.pulsar:bcfips-include-test (>=2.10.6.9 <=2.10.7.4-SNAPSHOT-35e64fa), com.ascentstream.pulsar:bouncy-castle-bcfips (>=2.10.6.9 <=2.10.7.16) +73 more potentially affected by CVE-2020-15522 via org.bouncycastle:bc-fips (>=1.0.1 <=1.0.2)
org.bouncycastle:bc-fips MAVEN version =1.0.1, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =3.0.34.RELEASE, =3.0.0-FINAL, =3.0.0-FINAL, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.13.0 - io.skuber:skuber-examples2.12 =2.6.3 - io.skuber:skuber-examples2.13 =2.6.3 and more Source cves:...