Vulnerabilities > Bouncycastle > Legion OF THE Bouncy Castle Java Crytography API > 1.34
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-04 | CVE-2016-1000352 | Cryptographic Issues vulnerability in Bouncycastle Legion-Of-The-Bouncy-Castle-Java-Crytography-Api In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. | 7.4 |
| 2018-06-04 | CVE-2016-1000346 | Key Management Errors vulnerability in multiple products In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. | 3.7 |
| 2018-06-04 | CVE-2016-1000345 | 7PK - Time and State vulnerability in multiple products In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. | 5.9 |
| 2018-06-04 | CVE-2016-1000344 | Cryptographic Issues vulnerability in Bouncycastle Legion-Of-The-Bouncy-Castle-Java-Crytography-Api In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. | 7.4 |
| 2018-06-04 | CVE-2016-1000343 | Cryptographic Issues vulnerability in multiple products In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. | 7.5 |
| 2018-06-04 | CVE-2016-1000342 | Improper Verification of Cryptographic Signature vulnerability in multiple products In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. | 7.5 |
| 2018-06-04 | CVE-2016-1000341 | 7PK - Time and State vulnerability in multiple products In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. | 5.9 |
| 2018-06-04 | CVE-2016-1000339 | Cryptographic Issues vulnerability in multiple products In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. | 5.3 |
| 2018-04-16 | CVE-2018-5382 | Improper Validation of Integrity Check Value vulnerability in multiple products The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. | 4.4 |
| 2017-12-13 | CVE-2017-13098 | Information Exposure Through Discrepancy vulnerability in Bouncycastle Legion-Of-The-Bouncy-Castle-Java-Crytography-Api BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. | 5.9 |