Vulnerabilities > Bouncycastle > Legion OF THE Bouncy Castle Java Crytography API > 1.54

DATE	CVE	VULNERABILITY TITLE	RISK
2018-06-01	CVE-2016-1000338	Improper Verification of Cryptographic Signature vulnerability in multiple products In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. network low complexity bouncycastle redhat canonical netapp CWE-347	7.5
2017-12-13	CVE-2017-13098	Information Exposure Through Discrepancy vulnerability in Bouncycastle Legion-Of-The-Bouncy-Castle-Java-Crytography-Api BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. network high complexity bouncycastle CWE-203	5.9
2016-04-18	CVE-2016-2427	Information Exposure vulnerability in multiple products The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic protection mechanism and discover an authentication key via a crafted application, aka internal bug 26234568. local low complexity bouncycastle google CWE-200	5.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.