Lucene search
K

24 matches found

vulnersOsv
vulnersOsv
added 2026/04/17 6:31 p.m.10 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +16281 more potentially affected by CVE-2026-0636 via org.bouncycastle:bcprov-jdk18on (>=1.74 <=1.83)

org.bouncycastle:bcprov-jdk18on MAVEN version =1.74, =0.2.0, =0.31.0, =0.5.0, =0.6.0, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.7 and more Source cves: CVE-2026-0636 Source advisory: OSV:GHSA-C3FC-8QFF-9HWX...

6.9CVSS5.7AI score0.00527EPSS
Exploits0
OSV
OSV
added 2026/04/15 10:16 a.m.4 views

DEBIAN-CVE-2026-0636

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov modules. This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from...

6.9CVSS5.8AI score0.00527EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/04/15 10:16 a.m.9 views

com.github.bjlhx15:common-pdf (=0.0.4), com.github.rjolly:flying-saucer (>=9.1.20 <=9.1.25) +81 more potentially affected by CVE-2025-14813 via org.bouncycastle:bcprov-jdk14 (>=1.59 <=1.83)

org.bouncycastle:bcprov-jdk14 MAVEN version =1.59, =9.1.20, =0.1.1, =2.2, =2.0.1, =7.0, =1.5, =12.3, =1.2.0, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0, =1.2.6 and more Source cves: CVE-2025-14813 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075264...

9.3CVSS7.6AI score0.00313EPSS
Exploits0
Snyk
Snyk
added 2026/04/15 10:16 a.m.16 views

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between encrypted plaintext blocks by driving the cipher past its counter range and causing th...

9.3CVSS5.7AI score0.00313EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/15 10:13 a.m.9 views

org.bouncycastle:bcmail-debug-jdk14 (>=1.81 <=1.83), org.bouncycastle:bcpg-debug-jdk14 (>=1.81 <=1.83) +3 more potentially affected by CVE-2026-5598 via org.bouncycastle:bcprov-debug-jdk14 (>=1.81 <=1.83)

org.bouncycastle:bcprov-debug-jdk14 MAVEN version =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.83 Source cves: CVE-2026-5598 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16074607...

9.9CVSS5.8AI score0.00691EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/15 8:59 a.m.3 views

CVE-2026-0636 LDAP Injection Vulnerability in LDAPStoreHelper.java

Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov modules. This vulnerability is associated with program files LDAPStoreHelper. This issue affects BC-JAVA: from 1.74 before 1.80.2, from...

6.9CVSS5.8AI score0.00527EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/22 9:43 a.m.4 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the AESNativeCBC class due to the use of a private instance class, rather than a private static class. An attacker can cause heap exhaustion by triggering excessive memory allocati...

7.1CVSS6.9AI score0.00149EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2016-1000340

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes...

7.5CVSS7.2AI score0.0226EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2016-1000343

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key...

7.5CVSS7.2AI score0.032EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2016-1000342

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject...

7.5CVSS7.3AI score0.01796EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2016-1000338

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject ext...

7.5CVSS6.4AI score0.0186EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2016-1000344

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for...

7.4CVSS7.1AI score0.02208EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2016-1000346

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be us...

4.3CVSS6.2AI score0.02303EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/08/13 9:52 a.m.16 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +12782 more potentially affected by CVE-2025-8916 via org.bouncycastle:bcprov-jdk18on (>=1.71 <=1.78.1)

org.bouncycastle:bcprov-jdk18on MAVEN version =1.71, =0.2.0, =0.31.0, =0.5.0, =0.6.0, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.8.7 and more Source cves: CVE-2025-8916 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-11789695...

6.3CVSS6.7AI score0.0043EPSS
Exploits0
Snyk
Snyk
added 2025/08/13 9:52 a.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to improper processing of large name constraint structures in PKIXCertPathReviewer. An attacker can cause excessive resource allocation by submitting specially crafted ASN.1...

6.3CVSS6.8AI score0.0043EPSS
Exploits0References2
Snyk
Snyk
added 2025/08/13 9:52 a.m.10 views

Allocation of Resources Without Limits or Throttling

Overview org.bouncycastle:bcprov-jdk16 is a Bouncy Castle Crypto package that is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.6. Affected versions of this package are vulnerable to Allocatio...

6.3CVSS6.8AI score0.0043EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/08/12 9:40 a.m.14 views

cn.loyom.boot:loyom-boot-cache (=1.0.0-JDK21), cn.loyom.boot:loyom-boot-common (=1.0.0-JDK21) +163 more potentially affected by CVE-2025-8885 via org.bouncycastle:bcprov-lts8on (>=2.73.0 <=2.73.4)

org.bouncycastle:bcprov-lts8on MAVEN version =2.73.0, =2.73.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.bouncycastle:bcprov-lts8on and may be impacted: - cn.loyom.boot:loyom-boot-cache =1.0.0-JDK21 - cn.loyom.boot:loyom-boot-common =1.0.0-JDK...

6.3CVSS6.7AI score0.00505EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2018/10/18 5:43 p.m.7 views

br.net.woodstock.rockframework:rockframework-core (>=1.2.1 <=1.2.2), com.alanpoi:alanpoi-all (>=1.3.5 <=3.0.0) +64 more potentially affected by CVE-2016-1000344 via org.bouncycastle:bcprov-jdk14 (>=1.38 <=1.55)

org.bouncycastle:bcprov-jdk14 MAVEN version =1.38, =1.2.1, =1.3.5, =1.3.5, =2.0, =1.0, =1.6.1.P24, =1.7, =0.0.1, =1.0, =1.1 - com.github.lkkushan101.RestAssuredPDFReport:com.github.lkkushan101.RestAssuredPDFReport =1.00 - com.github.lkkushan101.appiumlocator:com.github.lkkushan101.appiumlocator...

7.4CVSS7.1AI score0.02208EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2018/10/18 5:43 p.m.7 views

ae.vigilancer.android-run-app:ae.vigilancer.android-run-app.gradle.plugin (>=1.0.1 <=1.0.2), aero.m-click:mcpdf (>=0.2.3 <=0.2.4) +6778 more potentially affected by CVE-2016-1000344 via org.bouncycastle:bcprov-jdk15on (>=1.46 <=1.55)

org.bouncycastle:bcprov-jdk15on MAVEN version =1.46, =1.0.1, =0.2.3, =0.42.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.1, =1.4.3 and more Source cves: CVE-2016-1000344 Source advisory: OSV:GHSA-2J2X-HX4G-2GF4...

7.4CVSS7.1AI score0.02208EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2018/09/11 7:53 a.m.6 views

bouncycastle: Information exposure in DSA signature generation via timing attack

In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k...

5.9CVSS7.1AI score0.02606EPSS
Exploits0References4
Rows per page
Query Builder