← Back

Bouncy Castle Crypto Package

bouncy-castle-crypto-package

Vendor: Bouncycastle • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2015-7940
3Bouncycastle
OpensuseOracle
7Application Testing Suite
Bouncy Castle Crypto PackageEnterprise Manager Ops Center+4 more
May 6, 2026
Nov 9, 2015
N/A· v4
N/A· v3
5.0 MEDIUM· v2
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman...Show more
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."Show less
CVE-2007-6721
1Bouncycastle
2Bc Java
Bouncy Castle Crypto Package
Apr 23, 2026
Mar 30, 2009
N/A· v4
N/A· v3
10.0 HIGH· v2
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple...Show more
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."Show less