Vulnerabilities > Bouncycastle > Legion OF THE Bouncy Castle Java Crytography API > High

DATE	CVE	VULNERABILITY TITLE	RISK
2020-12-18	CVE-2020-28052	An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. network high complexity bouncycastle apache oracle	8.1
2019-10-08	CVE-2019-17359	Allocation of Resources Without Limits or Throttling vulnerability in multiple products The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. network low complexity bouncycastle apache netapp oracle CWE-770	7.5
2018-06-05	CVE-2018-1000180	Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. network low complexity bouncycastle debian oracle netapp redhat CWE-327	7.5
2018-06-04	CVE-2016-1000343	Cryptographic Issues vulnerability in multiple products In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. network low complexity bouncycastle debian CWE-310	7.5
2018-06-01	CVE-2016-1000338	Improper Verification of Cryptographic Signature vulnerability in multiple products In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. network low complexity bouncycastle redhat canonical netapp CWE-347	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.