Vulnerabilities > Bouncycastle > Legion OF THE Bouncy Castle Java Crytography API > Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2018-07-09	CVE-2018-1000613	Unsafe Reflection vulnerability in multiple products Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. network low complexity bouncycastle netapp opensuse oracle CWE-470 critical	9.8
2009-03-30	CVE-2007-6721	Unspecified vulnerability in Bouncycastle products The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes." network low complexity bouncycastle critical	10.0

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.