Vulnerabilities > Bouncycastle > Bouncy Castle Crypto Package
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-11-09 | CVE-2015-7940 | Information Exposure vulnerability in multiple products The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack." | 5.0 |
| 2009-03-30 | CVE-2007-6721 | Unspecified vulnerability in Bouncycastle products The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes." | 10.0 |