139 matches found
CVE-2026-0636
CVE-2026-0636 affects BC-JAVA:bcprov libraries from Legion of the Bouncy Castle Inc. Affected versions are 1.49 up to but not including 1.84. The issue is an LDAP injection in LDAPStoreHelper.java caused by improper neutralization of special LDAP query elements. This results in a high-impact vuln...
CVE-2026-0636
Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov modules. This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from...
Bouncy Castle Java 安全漏洞
Bouncy Castle Java is an open-source encryption algorithm developed by Legion of the Bouncy Castle Inc. Versions of Bouncy Castle Java prior to 1.84 contained security vulnerabilities, which were caused by improper handling of special elements in LDAP queries. These vulnerabilities could lead to...
Bouncy Castle Java 安全漏洞
Bouncy Castle Java is an open-source encryption algorithm developed by Legion of the Bouncy Castle Inc. Versions of Bouncy Castle Java prior to version 1.84 contained security vulnerabilities. These vulnerabilities stemmed from the use of defective or insecure encryption algorithms, which could...
PT-2026-33031
Name of the Vulnerable Software and Affected Versions BC-JAVA versions 1.49 through 1.83 BCPKIX-FIPS versions 2.0.6 through 2.0.10 BCPKIX-FIPS versions 2.1.7 through 2.1.10 Description The PKIX draft CompositeVerifier accepts an empty signature sequence as valid. This issue is associated with the...
PT-2026-33028
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all core modules. This vulnerability is associated with program files G3413CTRBlockCipher. GOSTCTR implementation unable to process more than 255 blocks correctly. This issue affec...
PT-2026-33032
Name of the Vulnerable Software and Affected Versions BC-JAVA versions 1.71 through 1.83 Description A covert timing channel exists in the BC-JAVA core modules, specifically associated with the program files FrodoEngine.Java. A covert timing channel is a method of transferring information from on...
Bouncy Castle Java 安全漏洞
Bouncy Castle Java is an open-source encryption algorithm developed by Legion of the Bouncy Castle Inc. Versions of Bouncy Castle Java from 1.49 to 1.84 contained security vulnerabilities. These vulnerabilities were due to the use of defective encryption algorithms, which could allow empty...
Bouncy Castle Java 安全漏洞
Bouncy Castle Java is an open-source encryption algorithm developed by Legion of the Bouncy Castle Inc. Versions of Bouncy Castle Java prior to 1.84 contained security vulnerabilities. These vulnerabilities stemmed from unlimited resource allocation, which could lead to exhaustion of pre-authoriz...
PT-2026-33030
Name of the Vulnerable Software and Affected Versions BC-JAVA versions prior to 1.84 Description An issue in the bcpg modules allows for unbounded PGP AEAD chunk size, which can lead to pre-authentication resource exhaustion. Resource exhaustion occurs when a system lacks limits or throttling on...
Quantum-Safe Code Auditing: LLM-Assisted Static Analysis and Quantum-Aware Risk Scoring for Post-Quantum Cryptography Migration
The impending arrival of cryptographically relevant quantum computers CRQCs threatens the security foundations of modern software: Shor's algorithm breaks RSA, ECDSA, ECDH, and Diffie-Hellman, while Grover's algorithm reduces the effective security of symmetric and hash-based schemes. Despite NIS...
Security Bulletin: Bouncy Castle for Java BC-FJA NativeLoader Resource Consumption Issue, affects watsonx.data
Summary Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 bc-fips API modules allows Excessive Allocation. This vulnerability is associated with program files org.Bouncycastle.Crypto.Fips.NativeLoader. This issue affects Boun...
Security Bulletin: Uncontrolled Resource Allocation in Bouncy Castle Java PKIXCertPathReviewer Leading to Excessive Allocation, which affects IBM watsonx.data
Summary Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules, Legion of the Bouncy Castle Inc. BC Java bcprov on All API modules, Legion of the Bouncy Castle Inc. BCPKIX FIPS bcpkix-fips on All API modules allows...
Security Bulletin: multiple vulerability in IBM Spectrum Symphony with Bouncy Castle Java API
Summary multiple vulerability in IBM Spectrum Symphony with Bouncy Castle Java TLS API Vulnerability Details CVEID:CVE-2025-8916 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcpkix on All API modules, Legion of the...
Security Bulletin: Multiple Vulnerabilities in IBM StreamSets Data Collector
Summary Multiple vulnerabilities were addressed in IBM StreamSets Data Collector version 6.4.0. Vulnerability Details CVEID:CVE-2015-5262 DESCRIPTION: http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setti...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an uncontrolled resource consumption and out of bounds write in Bouncy Castle [CVE-2025-9341, CVE-2025-9340]
Summary IBM Watson Speech Services Cartridge is vulnerable to an uncontrolled resource consumption and out of bounds write in Bouncy Castle, due to issues in AESNativeCBC.Java and AESNativeCBC.Java which allow excessive allocation CVE-2025-9341 and issues in jcajce/provider/BaseCipher...
CVE-2025-12194
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All API modules, Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All API modules allows Excessive Allocation. This vulnerability is associated wi...
GHSA-JV6H-4262-Q663 Bouncy Castle Vulnerable to Uncontrolled Resource Consumption
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All API modules, Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All API modules allows Excessive Allocation. This vulnerability is associated wi...
Bouncy Castle Vulnerable to Uncontrolled Resource Consumption
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All API modules, Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All API modules allows Excessive Allocation. This vulnerability is associated wi...
CVE-2025-12194
Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All API modules, Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All API modules allows Excessive Allocation. This vulnerability is associated wi...