139 matches found
ROOT-APP-MAVEN-CVE-2026-5598 CVE-2026-5598 in io.root.org.bouncycastle:bcprov-jdk18on - Patched by Root
Root has patched CVE-2026-5598 in the io.root.org.bouncycastle:bcprov-jdk18on package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2026-0636 CVE-2026-0636 in io.root.org.bouncycastle:bcprov-jdk18on - Patched by Root
Root has patched CVE-2026-0636 in the io.root.org.bouncycastle:bcprov-jdk18on package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2025-14813 CVE-2025-14813 in io.root.org.bouncycastle:bcprov-jdk18on - Patched by Root
Root has patched CVE-2025-14813 in the io.root.org.bouncycastle:bcprov-jdk18on package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2023-33202 CVE-2023-33202 in io.root.org.bouncycastle:bcprov-jdk15on - Patched by Root
Root has patched CVE-2023-33202 in the io.root.org.bouncycastle:bcprov-jdk15on package for Root:Maven. Multiple fixed versions available...
CVE-2026-15997
BC-LTS bcprov-lts8on (ARM) contains a native C vulnerability in SHA3/SHAKE handling: restoreFullState may underflow size_t in crafted encoded state, enabling an out-of-bounds write. Affects BC-LTS 2.73.0–before 2.73.12.1; control flows that accept memoable SHA3/SHAKE states from untrusted sources...
ROOT-APP-MAVEN-CVE-2024-34447 CVE-2024-34447 in io.root.org.bouncycastle:bcprov-jdk15on - Patched by Root
Root has patched CVE-2024-34447 in the io.root.org.bouncycastle:bcprov-jdk15on package for Root:Maven. Multiple fixed versions available...
ROOT-APP-MAVEN-CVE-2024-30171 CVE-2024-30171 in io.root.org.bouncycastle:bcprov-jdk15on - Patched by Root
Root has patched CVE-2024-30171 in the io.root.org.bouncycastle:bcprov-jdk15on package for Root:Maven. Multiple fixed versions available...
Use Of A Broken Or Risky Cryptographic Algorithm
BC-JAVA bcprov is vulnerable to the Use of a Broken or Risky Cryptographic Algorithm. The vulnerability is due to flaws in the G3413CTRBlockCipher implementation, where the affected cryptographic algorithm can provide weakened cryptographic protection, allowing attackers to compromise the...
Security Bulletin: Multiple Vulnerabilities in bcprov package bundled with IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage
Summary IBM Fusion, IBM Fusion HCI, IBM Fusion Data Cataloging, and IBM Fusion Content-Aware Storage include bcprov library, which is susceptible to use of broken cryptographic algorithm, Improper neutralization, covert timing channel vulnerabilities CVE-2025-14813, CVE-2026-0636, CVE-2026-5598...
Security Bulletin: MongoDB Enterprised Advanced affected by: Use of a Broken or Risky Cryptographic Algorithm, Covert Timing Channel (CVE-2025-14813, CVE-2026-5598)
Summary There are vulnerabilities in bcprov-jdk18on-1.83.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-14813, CVE-2026-5598. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm...
Security Bulletin: IBM Technical Support Appliance is affected by an LDAP Injection Vulnerability in Bouncy Castle BC-JAVA
Summary IBM Technical Support Appliance TSA includes a vulnerable version of the Bouncy Castle BC-JAVA provider library bcprov-jdk18on-1.78.1.jar. A flaw in the BC-JAVA LDAP certificate store implementation LDAPStoreHelper could allow improper neutralization of special elements used in LDAP...
Security Bulletin: There is a vulnerability in bcprov-jdk18on-1.81.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-14813)
Summary There is a vulnerability in bcprov-jdk18on-1.81.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-14813 DESCRIPTION: : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA...
Linux Distros Unpatched Vulnerability : CVE-2025-14813
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC- JAVA bcprov on all core modules. This vulnerability is...
Linux Distros Unpatched Vulnerability : CVE-2026-0636
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper neutralization of special elements used in an LDAP query 'LDAP injection' vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all prov...
org.bouncycastle:bcmail-jdk14 (>=1.74 <=1.83), org.bouncycastle:bcpg-jdk14 (>=1.74 <=1.83) +11 more potentially affected by CVE-2026-0636 via org.bouncycastle:bcprov-jdk14 (>=1.74 <=1.83)
org.bouncycastle:bcprov-jdk14 MAVEN version =1.74, =1.74, =1.74, =1.74, =1.74, =1.74, =0.2.5, =1.0.1-rc.1, =9.2.0, =9.2.0, =9.2.0, =9.2.0, =9.2.0, =9.3.2 Source cves: CVE-2026-0636 Source advisory: OSV:GHSA-C3FC-8QFF-9HWX...
LDAP Injection
Overview Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search filters by supplying a crafted X.500 subject or issuer string that is parsed into an...
org.bouncycastle:bcjmail-debug-jdk15to18 (>=1.81 <=1.83), org.bouncycastle:bcmail-debug-jdk15to18 (>=1.81 <=1.83) +4 more potentially affected by CVE-2026-0636 via org.bouncycastle:bcprov-debug-jdk15to18 (>=1.81 <=1.83)
org.bouncycastle:bcprov-debug-jdk15to18 MAVEN version =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.83 Source cves: CVE-2026-0636 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075250...
app.cash.bittycity:outie (=0.0.1), app.cash.bittycity:outie-jooq-provider (=0.0.1) +1229 more potentially affected by CVE-2026-0636 via org.bouncycastle:bcprov-jdk15to18 (>=1.74 <=1.83)
org.bouncycastle:bcprov-jdk15to18 MAVEN version =1.74, =0.0.2, =0.0.2.1, =0.1.0-M36, =0.1.0-M27, =1.0.1, =3.5.0.0, =3.5.5.3 - cn.lnkdoc.sdk:awesome-uia-alipay-sdk =3.0.0-RC1 - cn.lnkdoc.sdk:awesome-uia-alipay-sdk-solon-boot-2-starter =3.0.0-RC1 -...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +16281 more potentially affected by CVE-2026-0636 via org.bouncycastle:bcprov-jdk18on (>=1.74 <=1.83)
org.bouncycastle:bcprov-jdk18on MAVEN version =1.74, =0.2.0, =0.31.0, =0.5.0, =0.6.0, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.7 and more Source cves: CVE-2026-0636 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075254...
LDAP Injection
Overview org.bouncycastle:bcprov-jdk14 is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to LDAP Injection via the parseDN handling and the LDAP store helpers in X509LDAPCertStoreSpi and LDAPStoreHelper. An attacker can influence LDAP search...