Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.bouncycastle/bcprov-jdk15on@1.51
Typemaven
Namespaceorg.bouncycastle
Namebcprov-jdk15on
Version1.51
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-2j9r-6zbp-m3bz
vulnerability_id VCID-2j9r-6zbp-m3bz
summary 
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30171.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30171.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-30171
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.28037
published_at 2026-04-13T12:55:00Z
1
value 0.00102
scoring_system epss
scoring_elements 0.28131
published_at 2026-04-09T12:55:00Z
2
value 0.00102
scoring_system epss
scoring_elements 0.28137
published_at 2026-04-11T12:55:00Z
3
value 0.00102
scoring_system epss
scoring_elements 0.28094
published_at 2026-04-12T12:55:00Z
4
value 0.00105
scoring_system epss
scoring_elements 0.28535
published_at 2026-04-07T12:55:00Z
5
value 0.00105
scoring_system epss
scoring_elements 0.2868
published_at 2026-04-02T12:55:00Z
6
value 0.00105
scoring_system epss
scoring_elements 0.2873
published_at 2026-04-04T12:55:00Z
7
value 0.00105
scoring_system epss
scoring_elements 0.28601
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-30171
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30171
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30171
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/bcgit/bc-csharp/commit/c984b8bfd8544dfc55dba91a02cbbbb9c580c217
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-csharp/commit/c984b8bfd8544dfc55dba91a02cbbbb9c580c217
5
reference_url https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/
url https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171
6
reference_url https://github.com/bcgit/bc-java/commit/d7d5e735abd64bf0f413f54fd9e495fc02400fb0
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/d7d5e735abd64bf0f413f54fd9e495fc02400fb0
7
reference_url https://github.com/bcgit/bc-java/commit/e0569dcb1dea9d421d84fc4c5c5688fe101afa2d
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/e0569dcb1dea9d421d84fc4c5c5688fe101afa2d
8
reference_url https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/
url https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-30171
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-30171
10
reference_url https://security.netapp.com/advisory/ntap-20240614-0008
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240614-0008
11
reference_url https://www.bouncycastle.org/latest_releases.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/
url https://www.bouncycastle.org/latest_releases.html
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655
reference_id 1070655
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2276360
reference_id 2276360
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2276360
14
reference_url https://github.com/advisories/GHSA-v435-xc8x-wvr9
reference_id GHSA-v435-xc8x-wvr9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v435-xc8x-wvr9
15
reference_url https://security.netapp.com/advisory/ntap-20240614-0008/
reference_id ntap-20240614-0008
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/
url https://security.netapp.com/advisory/ntap-20240614-0008/
16
reference_url https://access.redhat.com/errata/RHSA-2024:4173
reference_id RHSA-2024:4173
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4173
17
reference_url https://access.redhat.com/errata/RHSA-2024:4271
reference_id RHSA-2024:4271
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4271
18
reference_url https://access.redhat.com/errata/RHSA-2024:4326
reference_id RHSA-2024:4326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4326
19
reference_url https://access.redhat.com/errata/RHSA-2024:4505
reference_id RHSA-2024:4505
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4505
20
reference_url https://access.redhat.com/errata/RHSA-2024:5479
reference_id RHSA-2024:5479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5479
21
reference_url https://access.redhat.com/errata/RHSA-2024:5481
reference_id RHSA-2024:5481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5481
22
reference_url https://access.redhat.com/errata/RHSA-2024:5482
reference_id RHSA-2024:5482
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5482
23
reference_url https://usn.ubuntu.com/8108-1/
reference_id USN-8108-1
reference_type
scores
url https://usn.ubuntu.com/8108-1/
fixed_packages
0
url pkg:maven/org.bouncycastle/bcprov-jdk15on@1.78
purl pkg:maven/org.bouncycastle/bcprov-jdk15on@1.78
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk15on@1.78
aliases CVE-2024-30171, GHSA-v435-xc8x-wvr9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2j9r-6zbp-m3bz
1
url VCID-2u8v-56gn-8uc2
vulnerability_id VCID-2u8v-56gn-8uc2
summary 
Timing based private key exposure in Bouncy Castle
Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.2.1, BC before 1.66, BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15522.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15522.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15522
reference_id
reference_type
scores
0
value 0.0057
scoring_system epss
scoring_elements 0.68612
published_at 2026-04-13T12:55:00Z
1
value 0.0057
scoring_system epss
scoring_elements 0.68546
published_at 2026-04-01T12:55:00Z
2
value 0.0057
scoring_system epss
scoring_elements 0.68565
published_at 2026-04-02T12:55:00Z
3
value 0.0057
scoring_system epss
scoring_elements 0.68583
published_at 2026-04-04T12:55:00Z
4
value 0.0057
scoring_system epss
scoring_elements 0.6856
published_at 2026-04-07T12:55:00Z
5
value 0.0057
scoring_system epss
scoring_elements 0.68611
published_at 2026-04-08T12:55:00Z
6
value 0.0057
scoring_system epss
scoring_elements 0.68629
published_at 2026-04-09T12:55:00Z
7
value 0.0057
scoring_system epss
scoring_elements 0.68654
published_at 2026-04-11T12:55:00Z
8
value 0.0057
scoring_system epss
scoring_elements 0.68641
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15522
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15522
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15522
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://security.netapp.com/advisory/ntap-20210622-0007
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210622-0007
5
reference_url https://www.bouncycastle.org/releasenotes.html
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.bouncycastle.org/releasenotes.html
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1962879
reference_id 1962879
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1962879
7
reference_url https://github.com/bcgit/bc-csharp/wiki/CVE-2020-15522
reference_id CVE-2020-15522
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-csharp/wiki/CVE-2020-15522
8
reference_url https://github.com/bcgit/bc-java/wiki/CVE-2020-15522
reference_id CVE-2020-15522
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/wiki/CVE-2020-15522
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15522
reference_id CVE-2020-15522
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15522
10
reference_url https://github.com/advisories/GHSA-6xx3-rg99-gc3p
reference_id GHSA-6xx3-rg99-gc3p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6xx3-rg99-gc3p
11
reference_url https://access.redhat.com/errata/RHSA-2021:1401
reference_id RHSA-2021:1401
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1401
12
reference_url https://access.redhat.com/errata/RHSA-2021:2755
reference_id RHSA-2021:2755
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2755
13
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
14
reference_url https://access.redhat.com/errata/RHSA-2022:1013
reference_id RHSA-2022:1013
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1013
15
reference_url https://access.redhat.com/errata/RHSA-2022:1029
reference_id RHSA-2022:1029
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1029
fixed_packages
0
url pkg:maven/org.bouncycastle/bcprov-jdk15on@1.66
purl pkg:maven/org.bouncycastle/bcprov-jdk15on@1.66
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2j9r-6zbp-m3bz
1
vulnerability VCID-4rs8-tp92-p7ck
2
vulnerability VCID-abxq-7eq3-g7dp
3
vulnerability VCID-amzx-sbps-xke5
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk15on@1.66
aliases CVE-2020-15522, GHSA-6xx3-rg99-gc3p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2u8v-56gn-8uc2
2
url VCID-31h9-7jrr-9kdt
vulnerability_id VCID-31h9-7jrr-9kdt
summary In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000340.json
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000340.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000340
reference_id
reference_type
scores
0
value 0.00397
scoring_system epss
scoring_elements 0.60573
published_at 2026-04-09T12:55:00Z
1
value 0.00397
scoring_system epss
scoring_elements 0.60558
published_at 2026-04-13T12:55:00Z
2
value 0.00397
scoring_system epss
scoring_elements 0.60579
published_at 2026-04-12T12:55:00Z
3
value 0.00397
scoring_system epss
scoring_elements 0.60594
published_at 2026-04-11T12:55:00Z
4
value 0.00397
scoring_system epss
scoring_elements 0.60436
published_at 2026-04-01T12:55:00Z
5
value 0.00397
scoring_system epss
scoring_elements 0.60512
published_at 2026-04-02T12:55:00Z
6
value 0.00397
scoring_system epss
scoring_elements 0.60538
published_at 2026-04-04T12:55:00Z
7
value 0.00397
scoring_system epss
scoring_elements 0.60508
published_at 2026-04-07T12:55:00Z
8
value 0.00397
scoring_system epss
scoring_elements 0.60557
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000340
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000340
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000340
5
reference_url https://github.com/bcgit/bc-java
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java
6
reference_url https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00
7
reference_url https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31
8
reference_url https://security.netapp.com/advisory/ntap-20181127-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181127-0004
9
reference_url https://security.netapp.com/advisory/ntap-20181127-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181127-0004/
10
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588688
reference_id 1588688
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588688
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000340
reference_id CVE-2016-1000340
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000340
14
reference_url https://github.com/advisories/GHSA-r97x-3g8f-gx3m
reference_id GHSA-r97x-3g8f-gx3m
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-r97x-3g8f-gx3m
fixed_packages
0
url pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
purl pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2j9r-6zbp-m3bz
1
vulnerability VCID-2u8v-56gn-8uc2
2
vulnerability VCID-4rs8-tp92-p7ck
3
vulnerability VCID-abxq-7eq3-g7dp
4
vulnerability VCID-nau9-4auz-pqbs
5
vulnerability VCID-pybm-wf4t-pbdg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
aliases CVE-2016-1000340, GHSA-r97x-3g8f-gx3m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-31h9-7jrr-9kdt
3
url VCID-4rs8-tp92-p7ck
vulnerability_id VCID-4rs8-tp92-p7ck
summary 
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29857.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29857.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-29857
reference_id
reference_type
scores
0
value 0.00191
scoring_system epss
scoring_elements 0.40999
published_at 2026-04-02T12:55:00Z
1
value 0.00191
scoring_system epss
scoring_elements 0.41005
published_at 2026-04-08T12:55:00Z
2
value 0.00191
scoring_system epss
scoring_elements 0.40956
published_at 2026-04-07T12:55:00Z
3
value 0.00191
scoring_system epss
scoring_elements 0.41031
published_at 2026-04-04T12:55:00Z
4
value 0.00252
scoring_system epss
scoring_elements 0.48553
published_at 2026-04-09T12:55:00Z
5
value 0.00252
scoring_system epss
scoring_elements 0.4856
published_at 2026-04-13T12:55:00Z
6
value 0.00252
scoring_system epss
scoring_elements 0.48547
published_at 2026-04-12T12:55:00Z
7
value 0.00252
scoring_system epss
scoring_elements 0.48574
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-29857
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29857
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29857
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/bcgit/bc-csharp/commit/56daa6eac526f165416d17f661422d60de0dfd63
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-csharp/commit/56daa6eac526f165416d17f661422d60de0dfd63
5
reference_url https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:32:50Z/
url https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857
6
reference_url https://github.com/bcgit/bc-java/commit/efc498ca4caa340ac2fe11f2efee06c1a294501f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/efc498ca4caa340ac2fe11f2efee06c1a294501f
7
reference_url https://github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281
8
reference_url https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:32:50Z/
url https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-29857
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-29857
10
reference_url https://security.netapp.com/advisory/ntap-20241206-0008
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241206-0008
11
reference_url https://www.bouncycastle.org/latest_releases.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:32:50Z/
url https://www.bouncycastle.org/latest_releases.html
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655
reference_id 1070655
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2293028
reference_id 2293028
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2293028
14
reference_url https://github.com/advisories/GHSA-8xfc-gm6g-vgpv
reference_id GHSA-8xfc-gm6g-vgpv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8xfc-gm6g-vgpv
15
reference_url https://access.redhat.com/errata/RHSA-2024:4271
reference_id RHSA-2024:4271
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4271
16
reference_url https://access.redhat.com/errata/RHSA-2024:4326
reference_id RHSA-2024:4326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4326
17
reference_url https://access.redhat.com/errata/RHSA-2024:4505
reference_id RHSA-2024:4505
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4505
18
reference_url https://access.redhat.com/errata/RHSA-2024:5479
reference_id RHSA-2024:5479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5479
19
reference_url https://access.redhat.com/errata/RHSA-2024:5481
reference_id RHSA-2024:5481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5481
20
reference_url https://access.redhat.com/errata/RHSA-2024:5482
reference_id RHSA-2024:5482
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5482
21
reference_url https://usn.ubuntu.com/8108-1/
reference_id USN-8108-1
reference_type
scores
url https://usn.ubuntu.com/8108-1/
fixed_packages
0
url pkg:maven/org.bouncycastle/bcprov-jdk15on@1.78
purl pkg:maven/org.bouncycastle/bcprov-jdk15on@1.78
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk15on@1.78
aliases CVE-2024-29857, GHSA-8xfc-gm6g-vgpv
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4rs8-tp92-p7ck
4
url VCID-abxq-7eq3-g7dp
vulnerability_id VCID-abxq-7eq3-g7dp
summary 
Improper Certificate Validation
Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33201.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33201.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33201
reference_id
reference_type
scores
0
value 0.003
scoring_system epss
scoring_elements 0.5328
published_at 2026-04-02T12:55:00Z
1
value 0.003
scoring_system epss
scoring_elements 0.53325
published_at 2026-04-13T12:55:00Z
2
value 0.003
scoring_system epss
scoring_elements 0.53342
published_at 2026-04-12T12:55:00Z
3
value 0.003
scoring_system epss
scoring_elements 0.53306
published_at 2026-04-04T12:55:00Z
4
value 0.003
scoring_system epss
scoring_elements 0.53307
published_at 2026-04-09T12:55:00Z
5
value 0.003
scoring_system epss
scoring_elements 0.53327
published_at 2026-04-08T12:55:00Z
6
value 0.003
scoring_system epss
scoring_elements 0.53275
published_at 2026-04-07T12:55:00Z
7
value 0.003
scoring_system epss
scoring_elements 0.53358
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33201
2
reference_url https://bouncycastle.org
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/
url https://bouncycastle.org
3
reference_url https://bouncycastle.org/releasenotes.html#r1rv74
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bouncycastle.org/releasenotes.html#r1rv74
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/bcgit/bc-java
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java
7
reference_url https://github.com/bcgit/bc-java/commit/ccf93ca736b89250ff4ce079a5aa56f5cbf0ebbd
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/ccf93ca736b89250ff4ce079a5aa56f5cbf0ebbd
8
reference_url https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/
url https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc
9
reference_url https://github.com/bcgit/bc-java/commits/main/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commits/main/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java
10
reference_url https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/
url https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html
11
reference_url https://security.netapp.com/advisory/ntap-20230824-0008
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230824-0008
12
reference_url https://security.netapp.com/advisory/ntap-20230824-0008/
reference_id
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/
url https://security.netapp.com/advisory/ntap-20230824-0008/
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040050
reference_id 1040050
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040050
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2215465
reference_id 2215465
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2215465
15
reference_url https://github.com/bcgit/bc-java/wiki/CVE-2023-33201
reference_id CVE-2023-33201
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/
url https://github.com/bcgit/bc-java/wiki/CVE-2023-33201
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33201
reference_id CVE-2023-33201
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33201
17
reference_url https://github.com/advisories/GHSA-hr8g-6v94-x4m9
reference_id GHSA-hr8g-6v94-x4m9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hr8g-6v94-x4m9
18
reference_url https://access.redhat.com/errata/RHSA-2023:5147
reference_id RHSA-2023:5147
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5147
19
reference_url https://access.redhat.com/errata/RHSA-2023:5165
reference_id RHSA-2023:5165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5165
20
reference_url https://access.redhat.com/errata/RHSA-2023:7482
reference_id RHSA-2023:7482
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7482
21
reference_url https://access.redhat.com/errata/RHSA-2023:7483
reference_id RHSA-2023:7483
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7483
22
reference_url https://access.redhat.com/errata/RHSA-2023:7484
reference_id RHSA-2023:7484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7484
23
reference_url https://access.redhat.com/errata/RHSA-2023:7486
reference_id RHSA-2023:7486
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7486
24
reference_url https://access.redhat.com/errata/RHSA-2023:7488
reference_id RHSA-2023:7488
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7488
25
reference_url https://access.redhat.com/errata/RHSA-2023:7669
reference_id RHSA-2023:7669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7669
26
reference_url https://access.redhat.com/errata/RHSA-2023:7678
reference_id RHSA-2023:7678
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7678
27
reference_url https://access.redhat.com/errata/RHSA-2024:0278
reference_id RHSA-2024:0278
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0278
28
reference_url https://usn.ubuntu.com/8108-1/
reference_id USN-8108-1
reference_type
scores
url https://usn.ubuntu.com/8108-1/
fixed_packages
aliases CVE-2023-33201, GHSA-hr8g-6v94-x4m9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-abxq-7eq3-g7dp
5
url VCID-ddqw-aj7g-s7c2
vulnerability_id VCID-ddqw-aj7g-s7c2
summary In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000341.json
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000341.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000341
reference_id
reference_type
scores
0
value 0.00802
scoring_system epss
scoring_elements 0.74114
published_at 2026-04-11T12:55:00Z
1
value 0.00802
scoring_system epss
scoring_elements 0.74093
published_at 2026-04-09T12:55:00Z
2
value 0.00802
scoring_system epss
scoring_elements 0.74096
published_at 2026-04-12T12:55:00Z
3
value 0.00802
scoring_system epss
scoring_elements 0.7409
published_at 2026-04-13T12:55:00Z
4
value 0.00802
scoring_system epss
scoring_elements 0.74078
published_at 2026-04-08T12:55:00Z
5
value 0.00802
scoring_system epss
scoring_elements 0.74045
published_at 2026-04-07T12:55:00Z
6
value 0.00802
scoring_system epss
scoring_elements 0.74074
published_at 2026-04-04T12:55:00Z
7
value 0.00802
scoring_system epss
scoring_elements 0.74048
published_at 2026-04-02T12:55:00Z
8
value 0.00802
scoring_system epss
scoring_elements 0.74042
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000341
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000341
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000341
5
reference_url https://github.com/bcgit/bc-java
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java
6
reference_url https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa
7
reference_url https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa#diff-e75226a9ca49217a7276b29242ec59ce
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa#diff-e75226a9ca49217a7276b29242ec59ce
8
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
9
reference_url https://security.netapp.com/advisory/ntap-20181127-0004
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181127-0004
10
reference_url https://security.netapp.com/advisory/ntap-20181127-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181127-0004/
11
reference_url https://usn.ubuntu.com/3727-1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3727-1
12
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588708
reference_id 1588708
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588708
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000341
reference_id CVE-2016-1000341
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000341
17
reference_url https://github.com/advisories/GHSA-r9ch-m4fh-fc7q
reference_id GHSA-r9ch-m4fh-fc7q
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-r9ch-m4fh-fc7q
18
reference_url https://usn.ubuntu.com/3727-1/
reference_id USN-3727-1
reference_type
scores
url https://usn.ubuntu.com/3727-1/
fixed_packages
0
url pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
purl pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2j9r-6zbp-m3bz
1
vulnerability VCID-2u8v-56gn-8uc2
2
vulnerability VCID-4rs8-tp92-p7ck
3
vulnerability VCID-abxq-7eq3-g7dp
4
vulnerability VCID-nau9-4auz-pqbs
5
vulnerability VCID-pybm-wf4t-pbdg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
aliases CVE-2016-1000341, GHSA-r9ch-m4fh-fc7q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ddqw-aj7g-s7c2
6
url VCID-f4qa-9fn6-97az
vulnerability_id VCID-f4qa-9fn6-97az
summary In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000342.json
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000342.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000342
reference_id
reference_type
scores
0
value 0.00471
scoring_system epss
scoring_elements 0.64634
published_at 2026-04-11T12:55:00Z
1
value 0.00471
scoring_system epss
scoring_elements 0.64616
published_at 2026-04-09T12:55:00Z
2
value 0.00471
scoring_system epss
scoring_elements 0.64621
published_at 2026-04-12T12:55:00Z
3
value 0.00471
scoring_system epss
scoring_elements 0.64551
published_at 2026-04-07T12:55:00Z
4
value 0.00471
scoring_system epss
scoring_elements 0.64593
published_at 2026-04-13T12:55:00Z
5
value 0.00471
scoring_system epss
scoring_elements 0.64565
published_at 2026-04-02T12:55:00Z
6
value 0.00471
scoring_system epss
scoring_elements 0.64511
published_at 2026-04-01T12:55:00Z
7
value 0.00471
scoring_system epss
scoring_elements 0.646
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000342
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000342
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000342
5
reference_url https://github.com/bcgit/bc-java
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java
6
reference_url https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647
7
reference_url https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647#diff-25c3c78db788365f36839b3f2d3016b9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647#diff-25c3c78db788365f36839b3f2d3016b9
8
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
9
reference_url https://security.netapp.com/advisory/ntap-20181127-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181127-0004
10
reference_url https://security.netapp.com/advisory/ntap-20181127-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181127-0004/
11
reference_url https://usn.ubuntu.com/3727-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3727-1
12
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588715
reference_id 1588715
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588715
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000342
reference_id CVE-2016-1000342
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000342
17
reference_url https://github.com/advisories/GHSA-qcj7-g2j5-g7r3
reference_id GHSA-qcj7-g2j5-g7r3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qcj7-g2j5-g7r3
18
reference_url https://usn.ubuntu.com/3727-1/
reference_id USN-3727-1
reference_type
scores
url https://usn.ubuntu.com/3727-1/
fixed_packages
0
url pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
purl pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2j9r-6zbp-m3bz
1
vulnerability VCID-2u8v-56gn-8uc2
2
vulnerability VCID-4rs8-tp92-p7ck
3
vulnerability VCID-abxq-7eq3-g7dp
4
vulnerability VCID-nau9-4auz-pqbs
5
vulnerability VCID-pybm-wf4t-pbdg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
aliases CVE-2016-1000342, GHSA-qcj7-g2j5-g7r3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4qa-9fn6-97az
7
url VCID-f73y-mjrg-yfc9
vulnerability_id VCID-f73y-mjrg-yfc9
summary In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000344.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000344.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000344
reference_id
reference_type
scores
0
value 0.00388
scoring_system epss
scoring_elements 0.59912
published_at 2026-04-08T12:55:00Z
1
value 0.00388
scoring_system epss
scoring_elements 0.59862
published_at 2026-04-07T12:55:00Z
2
value 0.00388
scoring_system epss
scoring_elements 0.59892
published_at 2026-04-04T12:55:00Z
3
value 0.00388
scoring_system epss
scoring_elements 0.59867
published_at 2026-04-02T12:55:00Z
4
value 0.00388
scoring_system epss
scoring_elements 0.5979
published_at 2026-04-01T12:55:00Z
5
value 0.00388
scoring_system epss
scoring_elements 0.59913
published_at 2026-04-13T12:55:00Z
6
value 0.00388
scoring_system epss
scoring_elements 0.59932
published_at 2026-04-12T12:55:00Z
7
value 0.00388
scoring_system epss
scoring_elements 0.59947
published_at 2026-04-11T12:55:00Z
8
value 0.00388
scoring_system epss
scoring_elements 0.59926
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000344
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000344
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000344
5
reference_url https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
6
reference_url https://security.netapp.com/advisory/ntap-20181127-0004
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181127-0004
7
reference_url https://security.netapp.com/advisory/ntap-20181127-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181127-0004/
8
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588314
reference_id 1588314
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588314
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000344
reference_id CVE-2016-1000344
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:N
1
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000344
12
reference_url https://github.com/advisories/GHSA-2j2x-hx4g-2gf4
reference_id GHSA-2j2x-hx4g-2gf4
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-2j2x-hx4g-2gf4
fixed_packages
0
url pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
purl pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2j9r-6zbp-m3bz
1
vulnerability VCID-2u8v-56gn-8uc2
2
vulnerability VCID-4rs8-tp92-p7ck
3
vulnerability VCID-abxq-7eq3-g7dp
4
vulnerability VCID-nau9-4auz-pqbs
5
vulnerability VCID-pybm-wf4t-pbdg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
aliases CVE-2016-1000344, GHSA-2j2x-hx4g-2gf4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f73y-mjrg-yfc9
8
url VCID-jr7u-m7gc-pydy
vulnerability_id VCID-jr7u-m7gc-pydy
summary In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000339.json
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000339.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000339
reference_id
reference_type
scores
0
value 0.01119
scoring_system epss
scoring_elements 0.78226
published_at 2026-04-08T12:55:00Z
1
value 0.01119
scoring_system epss
scoring_elements 0.78236
published_at 2026-04-13T12:55:00Z
2
value 0.01119
scoring_system epss
scoring_elements 0.78241
published_at 2026-04-12T12:55:00Z
3
value 0.01119
scoring_system epss
scoring_elements 0.78258
published_at 2026-04-11T12:55:00Z
4
value 0.01119
scoring_system epss
scoring_elements 0.78232
published_at 2026-04-09T12:55:00Z
5
value 0.01119
scoring_system epss
scoring_elements 0.78178
published_at 2026-04-01T12:55:00Z
6
value 0.01119
scoring_system epss
scoring_elements 0.78187
published_at 2026-04-02T12:55:00Z
7
value 0.01119
scoring_system epss
scoring_elements 0.78217
published_at 2026-04-04T12:55:00Z
8
value 0.01119
scoring_system epss
scoring_elements 0.782
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000339
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000339
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000339
5
reference_url https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b
6
reference_url https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0
7
reference_url https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2
8
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
9
reference_url https://security.netapp.com/advisory/ntap-20181127-0004
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181127-0004
10
reference_url https://security.netapp.com/advisory/ntap-20181127-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181127-0004/
11
reference_url https://usn.ubuntu.com/3727-1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3727-1
12
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588695
reference_id 1588695
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588695
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000339
reference_id CVE-2016-1000339
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000339
17
reference_url https://github.com/advisories/GHSA-c8xf-m4ff-jcxj
reference_id GHSA-c8xf-m4ff-jcxj
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-c8xf-m4ff-jcxj
18
reference_url https://usn.ubuntu.com/3727-1/
reference_id USN-3727-1
reference_type
scores
url https://usn.ubuntu.com/3727-1/
fixed_packages
0
url pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
purl pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2j9r-6zbp-m3bz
1
vulnerability VCID-2u8v-56gn-8uc2
2
vulnerability VCID-4rs8-tp92-p7ck
3
vulnerability VCID-abxq-7eq3-g7dp
4
vulnerability VCID-nau9-4auz-pqbs
5
vulnerability VCID-pybm-wf4t-pbdg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
aliases CVE-2016-1000339, GHSA-c8xf-m4ff-jcxj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jr7u-m7gc-pydy
9
url VCID-jua2-2byr-t3cv
vulnerability_id VCID-jua2-2byr-t3cv
summary In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000338.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000338.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000338
reference_id
reference_type
scores
0
value 0.00371
scoring_system epss
scoring_elements 0.58859
published_at 2026-04-07T12:55:00Z
1
value 0.00371
scoring_system epss
scoring_elements 0.5889
published_at 2026-04-04T12:55:00Z
2
value 0.00371
scoring_system epss
scoring_elements 0.58897
published_at 2026-04-13T12:55:00Z
3
value 0.00371
scoring_system epss
scoring_elements 0.58934
published_at 2026-04-11T12:55:00Z
4
value 0.00371
scoring_system epss
scoring_elements 0.58916
published_at 2026-04-12T12:55:00Z
5
value 0.00371
scoring_system epss
scoring_elements 0.5891
published_at 2026-04-08T12:55:00Z
6
value 0.00371
scoring_system epss
scoring_elements 0.58868
published_at 2026-04-02T12:55:00Z
7
value 0.00371
scoring_system epss
scoring_elements 0.58793
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000338
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000338
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000338
5
reference_url https://github.com/bcgit/bc-java
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java
6
reference_url https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647
7
reference_url https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0
8
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
10
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
11
reference_url https://security.netapp.com/advisory/ntap-20231006-0011
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231006-0011
12
reference_url https://security.netapp.com/advisory/ntap-20231006-0011/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231006-0011/
13
reference_url https://usn.ubuntu.com/3727-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3727-1
14
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588313
reference_id 1588313
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588313
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.4:-:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:satellite:6.4:-:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.4:-:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:*:*:*:*
reference_id cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000338
reference_id CVE-2016-1000338
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:P/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000338
22
reference_url https://github.com/advisories/GHSA-4vhj-98r6-424h
reference_id GHSA-4vhj-98r6-424h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4vhj-98r6-424h
23
reference_url https://usn.ubuntu.com/3727-1/
reference_id USN-3727-1
reference_type
scores
url https://usn.ubuntu.com/3727-1/
fixed_packages
0
url pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
purl pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2j9r-6zbp-m3bz
1
vulnerability VCID-2u8v-56gn-8uc2
2
vulnerability VCID-4rs8-tp92-p7ck
3
vulnerability VCID-abxq-7eq3-g7dp
4
vulnerability VCID-nau9-4auz-pqbs
5
vulnerability VCID-pybm-wf4t-pbdg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
aliases CVE-2016-1000338, GHSA-4vhj-98r6-424h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jua2-2byr-t3cv
10
url VCID-ka8b-44hx-mkc5
vulnerability_id VCID-ka8b-44hx-mkc5
summary In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000352.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000352.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000352
reference_id
reference_type
scores
0
value 0.00388
scoring_system epss
scoring_elements 0.59926
published_at 2026-04-09T12:55:00Z
1
value 0.00388
scoring_system epss
scoring_elements 0.59913
published_at 2026-04-13T12:55:00Z
2
value 0.00388
scoring_system epss
scoring_elements 0.59932
published_at 2026-04-12T12:55:00Z
3
value 0.00388
scoring_system epss
scoring_elements 0.59947
published_at 2026-04-11T12:55:00Z
4
value 0.00388
scoring_system epss
scoring_elements 0.5979
published_at 2026-04-01T12:55:00Z
5
value 0.00388
scoring_system epss
scoring_elements 0.59867
published_at 2026-04-02T12:55:00Z
6
value 0.00388
scoring_system epss
scoring_elements 0.59892
published_at 2026-04-04T12:55:00Z
7
value 0.00388
scoring_system epss
scoring_elements 0.59862
published_at 2026-04-07T12:55:00Z
8
value 0.00388
scoring_system epss
scoring_elements 0.59912
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000352
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000352
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000352
5
reference_url https://github.com/bcgit/bc-java
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java
6
reference_url https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f
7
reference_url https://security.netapp.com/advisory/ntap-20181127-0004
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181127-0004
8
reference_url https://security.netapp.com/advisory/ntap-20181127-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181127-0004/
9
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588330
reference_id 1588330
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588330
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000352
reference_id CVE-2016-1000352
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:N
1
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000352
13
reference_url https://github.com/advisories/GHSA-w285-wf9q-5w69
reference_id GHSA-w285-wf9q-5w69
reference_type
scores
0
value 7.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-w285-wf9q-5w69
fixed_packages
0
url pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
purl pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2j9r-6zbp-m3bz
1
vulnerability VCID-2u8v-56gn-8uc2
2
vulnerability VCID-4rs8-tp92-p7ck
3
vulnerability VCID-abxq-7eq3-g7dp
4
vulnerability VCID-nau9-4auz-pqbs
5
vulnerability VCID-pybm-wf4t-pbdg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
aliases CVE-2016-1000352, GHSA-w285-wf9q-5w69
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ka8b-44hx-mkc5
11
url VCID-nau9-4auz-pqbs
vulnerability_id VCID-nau9-4auz-pqbs
summary 
Observable Differences in Behavior to Error Inputs in Bouncy Castle
In Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26939
reference_id
reference_type
scores
0
value 0.02437
scoring_system epss
scoring_elements 0.85159
published_at 2026-04-09T12:55:00Z
1
value 0.02437
scoring_system epss
scoring_elements 0.85168
published_at 2026-04-13T12:55:00Z
2
value 0.02437
scoring_system epss
scoring_elements 0.85171
published_at 2026-04-12T12:55:00Z
3
value 0.02437
scoring_system epss
scoring_elements 0.85173
published_at 2026-04-11T12:55:00Z
4
value 0.02437
scoring_system epss
scoring_elements 0.85096
published_at 2026-04-01T12:55:00Z
5
value 0.02437
scoring_system epss
scoring_elements 0.85109
published_at 2026-04-02T12:55:00Z
6
value 0.02437
scoring_system epss
scoring_elements 0.85126
published_at 2026-04-04T12:55:00Z
7
value 0.02437
scoring_system epss
scoring_elements 0.8513
published_at 2026-04-07T12:55:00Z
8
value 0.02437
scoring_system epss
scoring_elements 0.85151
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26939
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26939
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26939
2
reference_url https://github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1
3
reference_url https://github.com/bcgit/bc-java/wiki/CVE-2020-26939
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/wiki/CVE-2020-26939
4
reference_url https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E
5
reference_url https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E
6
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00007.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00007.html
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26939
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26939
8
reference_url https://security.netapp.com/advisory/ntap-20201202-0005
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20201202-0005
9
reference_url https://github.com/advisories/GHSA-72m5-fvvv-55m6
reference_id GHSA-72m5-fvvv-55m6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-72m5-fvvv-55m6
fixed_packages
0
url pkg:maven/org.bouncycastle/bcprov-jdk15on@1.61
purl pkg:maven/org.bouncycastle/bcprov-jdk15on@1.61
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2j9r-6zbp-m3bz
1
vulnerability VCID-2u8v-56gn-8uc2
2
vulnerability VCID-4rs8-tp92-p7ck
3
vulnerability VCID-abxq-7eq3-g7dp
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk15on@1.61
aliases CVE-2020-26939, GHSA-72m5-fvvv-55m6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nau9-4auz-pqbs
12
url VCID-pybm-wf4t-pbdg
vulnerability_id VCID-pybm-wf4t-pbdg
summary Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2423
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2423
1
reference_url https://access.redhat.com/errata/RHSA-2018:2424
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2424
2
reference_url https://access.redhat.com/errata/RHSA-2018:2425
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2425
3
reference_url https://access.redhat.com/errata/RHSA-2018:2428
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2428
4
reference_url https://access.redhat.com/errata/RHSA-2018:2643
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2643
5
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
6
reference_url https://access.redhat.com/errata/RHSA-2019:0877
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:0877
7
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000180.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000180.json
8
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000180
reference_id
reference_type
scores
0
value 0.00256
scoring_system epss
scoring_elements 0.48928
published_at 2026-04-01T12:55:00Z
1
value 0.00256
scoring_system epss
scoring_elements 0.48964
published_at 2026-04-02T12:55:00Z
2
value 0.00277
scoring_system epss
scoring_elements 0.51098
published_at 2026-04-13T12:55:00Z
3
value 0.00277
scoring_system epss
scoring_elements 0.51082
published_at 2026-04-04T12:55:00Z
4
value 0.00277
scoring_system epss
scoring_elements 0.51136
published_at 2026-04-11T12:55:00Z
5
value 0.00277
scoring_system epss
scoring_elements 0.51115
published_at 2026-04-12T12:55:00Z
6
value 0.00277
scoring_system epss
scoring_elements 0.51039
published_at 2026-04-07T12:55:00Z
7
value 0.00277
scoring_system epss
scoring_elements 0.51096
published_at 2026-04-08T12:55:00Z
8
value 0.00277
scoring_system epss
scoring_elements 0.51092
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000180
9
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000180
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000180
10
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
11
reference_url https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad
12
reference_url https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839
13
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
15
reference_url https://security.netapp.com/advisory/ntap-20190204-0003
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190204-0003
16
reference_url https://security.netapp.com/advisory/ntap-20190204-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190204-0003/
17
reference_url https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test
18
reference_url https://www.debian.org/security/2018/dsa-4233
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2018/dsa-4233
19
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
20
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
21
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
22
reference_url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
23
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
24
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
25
reference_url http://www.securityfocus.com/bid/106567
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/106567
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588306
reference_id 1588306
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588306
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900843
reference_id 900843
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900843
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:fips_java_api:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:fips_java_api:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:fips_java_api:*:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*
46
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*
47
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*
48
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*
49
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*
50
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*
51
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*
52
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*
53
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*
54
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
55
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
56
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
57
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
58
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:virtualization:4.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:redhat:virtualization:4.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:virtualization:4.2:*:*:*:*:*:*:*
59
reference_url https://github.com/bcgit/bc-java/wiki/CVE-2018-1000180
reference_id CVE-2018-1000180
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/wiki/CVE-2018-1000180
60
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000180
reference_id CVE-2018-1000180
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000180
61
reference_url https://github.com/advisories/GHSA-xqj7-j8j5-f2xr
reference_id GHSA-xqj7-j8j5-f2xr
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-xqj7-j8j5-f2xr
fixed_packages
0
url pkg:maven/org.bouncycastle/bcprov-jdk15on@1.60
purl pkg:maven/org.bouncycastle/bcprov-jdk15on@1.60
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2j9r-6zbp-m3bz
1
vulnerability VCID-2u8v-56gn-8uc2
2
vulnerability VCID-4rs8-tp92-p7ck
3
vulnerability VCID-abxq-7eq3-g7dp
4
vulnerability VCID-nau9-4auz-pqbs
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk15on@1.60
aliases CVE-2018-1000180, GHSA-xqj7-j8j5-f2xr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pybm-wf4t-pbdg
13
url VCID-qr8s-5r61-skhw
vulnerability_id VCID-qr8s-5r61-skhw
summary In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000345.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000345.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000345
reference_id
reference_type
scores
0
value 0.00802
scoring_system epss
scoring_elements 0.74045
published_at 2026-04-07T12:55:00Z
1
value 0.00802
scoring_system epss
scoring_elements 0.7409
published_at 2026-04-13T12:55:00Z
2
value 0.00802
scoring_system epss
scoring_elements 0.74096
published_at 2026-04-12T12:55:00Z
3
value 0.00802
scoring_system epss
scoring_elements 0.74114
published_at 2026-04-11T12:55:00Z
4
value 0.00802
scoring_system epss
scoring_elements 0.74093
published_at 2026-04-09T12:55:00Z
5
value 0.00802
scoring_system epss
scoring_elements 0.74078
published_at 2026-04-08T12:55:00Z
6
value 0.00802
scoring_system epss
scoring_elements 0.74042
published_at 2026-04-01T12:55:00Z
7
value 0.00802
scoring_system epss
scoring_elements 0.74048
published_at 2026-04-02T12:55:00Z
8
value 0.00802
scoring_system epss
scoring_elements 0.74074
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000345
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000345
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000345
5
reference_url https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35
6
reference_url https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35#diff-4439ce586bf9a13bfec05c0d113b8098
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35#diff-4439ce586bf9a13bfec05c0d113b8098
7
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
8
reference_url https://security.netapp.com/advisory/ntap-20181127-0004
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181127-0004
9
reference_url https://security.netapp.com/advisory/ntap-20181127-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181127-0004/
10
reference_url https://usn.ubuntu.com/3727-1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3727-1
11
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588323
reference_id 1588323
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588323
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000345
reference_id CVE-2016-1000345
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000345
16
reference_url https://github.com/advisories/GHSA-9gp4-qrff-c648
reference_id GHSA-9gp4-qrff-c648
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-9gp4-qrff-c648
17
reference_url https://usn.ubuntu.com/3727-1/
reference_id USN-3727-1
reference_type
scores
url https://usn.ubuntu.com/3727-1/
fixed_packages
0
url pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
purl pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2j9r-6zbp-m3bz
1
vulnerability VCID-2u8v-56gn-8uc2
2
vulnerability VCID-4rs8-tp92-p7ck
3
vulnerability VCID-abxq-7eq3-g7dp
4
vulnerability VCID-nau9-4auz-pqbs
5
vulnerability VCID-pybm-wf4t-pbdg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
aliases CVE-2016-1000345, GHSA-9gp4-qrff-c648
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qr8s-5r61-skhw
14
url VCID-tnen-a68v-9bfk
vulnerability_id VCID-tnen-a68v-9bfk
summary In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000343.json
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000343.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000343
reference_id
reference_type
scores
0
value 0.01074
scoring_system epss
scoring_elements 0.77727
published_at 2026-04-07T12:55:00Z
1
value 0.01074
scoring_system epss
scoring_elements 0.77769
published_at 2026-04-13T12:55:00Z
2
value 0.01074
scoring_system epss
scoring_elements 0.7777
published_at 2026-04-12T12:55:00Z
3
value 0.01074
scoring_system epss
scoring_elements 0.77786
published_at 2026-04-11T12:55:00Z
4
value 0.01074
scoring_system epss
scoring_elements 0.7776
published_at 2026-04-09T12:55:00Z
5
value 0.01074
scoring_system epss
scoring_elements 0.77755
published_at 2026-04-08T12:55:00Z
6
value 0.01074
scoring_system epss
scoring_elements 0.7771
published_at 2026-04-01T12:55:00Z
7
value 0.01074
scoring_system epss
scoring_elements 0.77717
published_at 2026-04-02T12:55:00Z
8
value 0.01074
scoring_system epss
scoring_elements 0.77744
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000343
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000343
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000343
5
reference_url https://github.com/bcgit/bc-java
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java
6
reference_url https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389
7
reference_url https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389#diff-5578e61500abb2b87b300d3114bdfd7d
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389#diff-5578e61500abb2b87b300d3114bdfd7d
8
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
10
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
11
reference_url https://security.netapp.com/advisory/ntap-20181127-0004
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181127-0004
12
reference_url https://security.netapp.com/advisory/ntap-20181127-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181127-0004/
13
reference_url https://usn.ubuntu.com/3727-1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3727-1
14
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588721
reference_id 1588721
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588721
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000343
reference_id CVE-2016-1000343
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000343
19
reference_url https://github.com/advisories/GHSA-rrvx-pwf8-p59p
reference_id GHSA-rrvx-pwf8-p59p
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-rrvx-pwf8-p59p
20
reference_url https://usn.ubuntu.com/3727-1/
reference_id USN-3727-1
reference_type
scores
url https://usn.ubuntu.com/3727-1/
fixed_packages
0
url pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
purl pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2j9r-6zbp-m3bz
1
vulnerability VCID-2u8v-56gn-8uc2
2
vulnerability VCID-4rs8-tp92-p7ck
3
vulnerability VCID-abxq-7eq3-g7dp
4
vulnerability VCID-nau9-4auz-pqbs
5
vulnerability VCID-pybm-wf4t-pbdg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
aliases CVE-2016-1000343, GHSA-rrvx-pwf8-p59p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tnen-a68v-9bfk
15
url VCID-xzbt-bkdp-8bgh
vulnerability_id VCID-xzbt-bkdp-8bgh
summary In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.
references
0
reference_url https://access.redhat.com/errata/RHSA-2018:2669
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2669
1
reference_url https://access.redhat.com/errata/RHSA-2018:2927
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2018:2927
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000346.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000346.json
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2016-1000346
reference_id
reference_type
scores
0
value 0.00962
scoring_system epss
scoring_elements 0.7645
published_at 2026-04-02T12:55:00Z
1
value 0.00962
scoring_system epss
scoring_elements 0.76504
published_at 2026-04-09T12:55:00Z
2
value 0.00962
scoring_system epss
scoring_elements 0.76529
published_at 2026-04-11T12:55:00Z
3
value 0.00962
scoring_system epss
scoring_elements 0.76508
published_at 2026-04-12T12:55:00Z
4
value 0.00962
scoring_system epss
scoring_elements 0.76502
published_at 2026-04-13T12:55:00Z
5
value 0.00962
scoring_system epss
scoring_elements 0.76478
published_at 2026-04-04T12:55:00Z
6
value 0.00962
scoring_system epss
scoring_elements 0.76492
published_at 2026-04-08T12:55:00Z
7
value 0.00962
scoring_system epss
scoring_elements 0.76445
published_at 2026-04-01T12:55:00Z
8
value 0.00962
scoring_system epss
scoring_elements 0.7646
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2016-1000346
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000346
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000346
5
reference_url https://github.com/bcgit/bc-java
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java
6
reference_url https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495
reference_id
reference_type
scores
url https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495
7
reference_url https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495#diff-d525a20b8acaed791ae2f0f770eb5937
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495#diff-d525a20b8acaed791ae2f0f770eb5937
8
reference_url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
9
reference_url https://security.netapp.com/advisory/ntap-20181127-0004
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20181127-0004
10
reference_url https://security.netapp.com/advisory/ntap-20181127-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20181127-0004/
11
reference_url https://usn.ubuntu.com/3727-1
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3727-1
12
reference_url https://www.oracle.com/security-alerts/cpuoct2020.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2020.html
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1588327
reference_id 1588327
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1588327
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-1000346
reference_id CVE-2016-1000346
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:N/A:N
1
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
2
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-1000346
17
reference_url https://github.com/advisories/GHSA-fjqm-246c-mwqg
reference_id GHSA-fjqm-246c-mwqg
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-fjqm-246c-mwqg
18
reference_url https://usn.ubuntu.com/3727-1/
reference_id USN-3727-1
reference_type
scores
url https://usn.ubuntu.com/3727-1/
fixed_packages
0
url pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
purl pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2j9r-6zbp-m3bz
1
vulnerability VCID-2u8v-56gn-8uc2
2
vulnerability VCID-4rs8-tp92-p7ck
3
vulnerability VCID-abxq-7eq3-g7dp
4
vulnerability VCID-nau9-4auz-pqbs
5
vulnerability VCID-pybm-wf4t-pbdg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk15on@1.56
aliases CVE-2016-1000346, GHSA-fjqm-246c-mwqg
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xzbt-bkdp-8bgh
Fixing_vulnerabilities
0
url VCID-waqt-x8vm-qyez
vulnerability_id VCID-waqt-x8vm-qyez
summary The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."
references
0
reference_url http://git.bouncycastle.org/repositories/bc-java/commit/5cb2f0578e6ec8f0d67e59d05d8c4704d8e05f83
reference_id
reference_type
scores
url http://git.bouncycastle.org/repositories/bc-java/commit/5cb2f0578e6ec8f0d67e59d05d8c4704d8e05f83
1
reference_url http://git.bouncycastle.org/repositories/bc-java/commit/e25e94a046a6934819133886439984e2fecb2b04
reference_id
reference_type
scores
url http://git.bouncycastle.org/repositories/bc-java/commit/e25e94a046a6934819133886439984e2fecb2b04
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html
3
reference_url http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html
4
reference_url http://rhn.redhat.com/errata/RHSA-2016-2035.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-2035.html
5
reference_url http://rhn.redhat.com/errata/RHSA-2016-2036.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://rhn.redhat.com/errata/RHSA-2016-2036.html
6
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7940.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7940.json
7
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-7940
reference_id
reference_type
scores
0
value 0.00972
scoring_system epss
scoring_elements 0.76645
published_at 2026-04-12T12:55:00Z
1
value 0.00972
scoring_system epss
scoring_elements 0.76636
published_at 2026-04-13T12:55:00Z
2
value 0.00972
scoring_system epss
scoring_elements 0.76586
published_at 2026-04-02T12:55:00Z
3
value 0.00972
scoring_system epss
scoring_elements 0.76583
published_at 2026-04-01T12:55:00Z
4
value 0.00972
scoring_system epss
scoring_elements 0.76639
published_at 2026-04-09T12:55:00Z
5
value 0.00972
scoring_system epss
scoring_elements 0.76666
published_at 2026-04-11T12:55:00Z
6
value 0.00972
scoring_system epss
scoring_elements 0.76615
published_at 2026-04-04T12:55:00Z
7
value 0.00972
scoring_system epss
scoring_elements 0.76596
published_at 2026-04-07T12:55:00Z
8
value 0.00972
scoring_system epss
scoring_elements 0.76628
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-7940
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7940
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7940
9
reference_url https://usn.ubuntu.com/3727-1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/3727-1
10
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
11
reference_url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
12
reference_url http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
13
reference_url http://www.debian.org/security/2015/dsa-3417
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.debian.org/security/2015/dsa-3417
14
reference_url http://www.openwall.com/lists/oss-security/2015/10/22/7
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/10/22/7
15
reference_url http://www.openwall.com/lists/oss-security/2015/10/22/9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2015/10/22/9
16
reference_url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
17
reference_url http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
18
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
19
reference_url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
20
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
21
reference_url http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
22
reference_url http://www.securityfocus.com/bid/79091
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/79091
23
reference_url http://www.securitytracker.com/id/1037036
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1037036
24
reference_url http://www.securitytracker.com/id/1037046
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1037046
25
reference_url http://www.securitytracker.com/id/1037053
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1037053
26
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1276272
reference_id 1276272
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1276272
27
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802671
reference_id 802671
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802671
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:*:*:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:12.5.0.1:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:application_testing_suite:12.5.0.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:12.5.0.1:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:12.5.0.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:application_testing_suite:12.5.0.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:12.5.0.2:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.4:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.4:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.4:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:virtual_desktop_infrastructure:3.5.2:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:virtual_desktop_infrastructure:3.5.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:virtual_desktop_infrastructure:3.5.2:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
reference_id cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-7940
reference_id CVE-2015-7940
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-7940
41
reference_url https://github.com/advisories/GHSA-4mv7-cq75-3qjm
reference_id GHSA-4mv7-cq75-3qjm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-4mv7-cq75-3qjm
42
reference_url https://access.redhat.com/errata/RHSA-2016:2035
reference_id RHSA-2016:2035
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2035
43
reference_url https://access.redhat.com/errata/RHSA-2016:2036
reference_id RHSA-2016:2036
reference_type
scores
url https://access.redhat.com/errata/RHSA-2016:2036
44
reference_url https://usn.ubuntu.com/3727-1/
reference_id USN-3727-1
reference_type
scores
url https://usn.ubuntu.com/3727-1/
fixed_packages
0
url pkg:maven/org.bouncycastle/bcprov-jdk15on@1.51
purl pkg:maven/org.bouncycastle/bcprov-jdk15on@1.51
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2j9r-6zbp-m3bz
1
vulnerability VCID-2u8v-56gn-8uc2
2
vulnerability VCID-31h9-7jrr-9kdt
3
vulnerability VCID-4rs8-tp92-p7ck
4
vulnerability VCID-abxq-7eq3-g7dp
5
vulnerability VCID-ddqw-aj7g-s7c2
6
vulnerability VCID-f4qa-9fn6-97az
7
vulnerability VCID-f73y-mjrg-yfc9
8
vulnerability VCID-jr7u-m7gc-pydy
9
vulnerability VCID-jua2-2byr-t3cv
10
vulnerability VCID-ka8b-44hx-mkc5
11
vulnerability VCID-nau9-4auz-pqbs
12
vulnerability VCID-pybm-wf4t-pbdg
13
vulnerability VCID-qr8s-5r61-skhw
14
vulnerability VCID-tnen-a68v-9bfk
15
vulnerability VCID-xzbt-bkdp-8bgh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk15on@1.51
aliases CVE-2015-7940, GHSA-4mv7-cq75-3qjm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-waqt-x8vm-qyez
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.bouncycastle/bcprov-jdk15on@1.51