github.com/bcgit/bc-java advisories | Ecosyste.ms: OpenCollective

Low

GSA_kwCzR0hTQS00aDhmLTJ3dngtZ2c1d84AA7vg

Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk12, org.bouncycastle:bcprov-jdk13, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk18on
Source: github
Published: 8 months ago

Moderate

GSA_kwCzR0hTQS13anhqLTVtN2ctbWc3cc4AA3WZ

Bouncy Castle Denial of Service (DoS)
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk16, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-ext-jdk16, org.bouncycastle:bcprov-ext-jdk15on, org.bouncycastle:bcpkix-jdk18on, org.bouncycastle:bcprov-jdk18on
Source: github
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS1ocjhnLTZ2OTQteDRtOc4AA0NP

Bouncy Castle For Java LDAP injection vulnerability
Ecosystems: maven
Packages: org.bouncycastle:bcprov-debug-jdk15on, org.bouncycastle:bcprov-ext-jdk15on, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-debug-jdk14, org.bouncycastle:bcprov-ext-jdk14, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-debug-jdk18on, org.bouncycastle:bcprov-debug-jdk15to18, org.bouncycastle:bcprov-ext-jdk18on, org.bouncycastle:bcprov-ext-jdk15to18, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk18on
Source: github
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS02OG04LXY4OWotN2oycM4AAv98

Garbage collection issue in BC-FJA in Java 13 and later
Ecosystems: maven
Packages: org.bouncycastle:bc-fips
Source: github
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS13cndmLXBtbWotdzk4Oc32Ww

Observable Discrepancy in BouncyCastle
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15on
Source: github
Published: over 2 years ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczeHYtdzVncC1mcnho

Logic error in Legion of the Bouncy Castle BC Java
Ecosystems: maven
Packages: org.bouncycastle:bcprov-ext-jdk16, org.bouncycastle:bcprov-jdk16, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-ext-jdk15on, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk15to18
Source: github
Published: over 3 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTcybTUtZnZ2di01NW02

Observable Differences in Behavior to Error Inputs in Bouncy Castle
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-ext-jdk16, org.bouncycastle:bcprov-ext-jdk15on, org.bouncycastle:bc-fips, org.bouncycastle:bcprov-jdk16, org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: over 3 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlncDQtcXJmZi1jNjQ4

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqMngtaHg0Zy0yZ2Y0

In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcyODUtd2Y5cS01dzY5

In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago

Low

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcW0tMjQ2Yy1td3Fn

In Bouncy Castle JCE Provider the other party DH public key is not fully validated
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJydngtcHdmOC1wNTlw

In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFjajctZzJqNS1nN3Iz

In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5Y2gtbTRmaC1mYzdx

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5N3gtM2c4Zi1neDNt

The Bouncy Castle JCE Provider carry a propagation bug
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4eGYtbTRmZi1qY3hq

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2aGotOThyNi00MjRo

In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago

Critical

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ0NDYtNjU2cC1mNTRn

Deserialization of Untrusted Data in Bouncy castle
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15on
Source: github
Published: about 6 years ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhxajctajhqNS1mMnhy

Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago