Vulnerabilities > Bouncycastle > Legion OF THE Bouncy Castle Java Crytography API > 1.54
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-05 | CVE-2018-1000180 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. | 7.5 |
| 2018-06-04 | CVE-2016-1000352 | Cryptographic Issues vulnerability in Bouncycastle Legion-Of-The-Bouncy-Castle-Java-Crytography-Api In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. | 7.4 |
| 2018-06-04 | CVE-2016-1000346 | Key Management Errors vulnerability in multiple products In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. | 3.7 |
| 2018-06-04 | CVE-2016-1000345 | 7PK - Time and State vulnerability in multiple products In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. | 5.9 |
| 2018-06-04 | CVE-2016-1000344 | Cryptographic Issues vulnerability in Bouncycastle Legion-Of-The-Bouncy-Castle-Java-Crytography-Api In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. | 7.4 |
| 2018-06-04 | CVE-2016-1000343 | Cryptographic Issues vulnerability in multiple products In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. | 7.5 |
| 2018-06-04 | CVE-2016-1000342 | Improper Verification of Cryptographic Signature vulnerability in multiple products In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. | 7.5 |
| 2018-06-04 | CVE-2016-1000341 | 7PK - Time and State vulnerability in multiple products In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. | 5.9 |
| 2018-06-04 | CVE-2016-1000340 | Data Processing Errors vulnerability in Bouncycastle Legion-Of-The-Bouncy-Castle-Java-Crytography-Api In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). | 7.5 |
| 2018-06-04 | CVE-2016-1000339 | Cryptographic Issues vulnerability in multiple products In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. | 5.3 |