Package Instance

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000345.json

reference_url

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000345.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1000345

reference_id

reference_type

scores

value	0.00802
scoring_system	epss
scoring_elements	0.74477
published_at	2026-06-05T12:55:00Z

value	0.00802
scoring_system	epss
scoring_elements	0.74445
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1000345

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000345
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000345

reference_url	https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35
reference_id
reference_type
scores
url	https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35

reference_url

https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35#diff-4439ce586bf9a13bfec05c0d113b8098

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35#diff-4439ce586bf9a13bfec05c0d113b8098

reference_url

https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html

reference_url

https://security.netapp.com/advisory/ntap-20181127-0004

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20181127-0004

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1588323
reference_id	1588323
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1588323

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1000345

reference_id

CVE-2016-1000345

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1000345

reference_url

https://github.com/advisories/GHSA-9gp4-qrff-c648

reference_id

GHSA-9gp4-qrff-c648

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-9gp4-qrff-c648

reference_url	https://usn.ubuntu.com/3727-1/
reference_id	USN-3727-1
reference_type
scores
url	https://usn.ubuntu.com/3727-1/

fixed_packages

url pkg:deb/debian/bouncycastle@1.56-1%2Bdeb9u2

purl pkg:deb/debian/bouncycastle@1.56-1%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-crd1-k1qv-jkec

vulnerability	VCID-k31z-bskx-uuc9

vulnerability	VCID-q8ux-tmpf-sue2

vulnerability	VCID-qe69-rd9d-4kgg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.56-1%252Bdeb9u2

aliases CVE-2016-1000345, GHSA-9gp4-qrff-c648

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5pwz-mdv3-dkak

url VCID-64mt-9155-tkbv

vulnerability_id VCID-64mt-9155-tkbv

summary The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-3389

reference_id

reference_type

scores

value	0.03832
scoring_system	epss
scoring_elements	0.88361
published_at	2026-06-04T12:55:00Z

value	0.03832
scoring_system	epss
scoring_elements	0.88379
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-3389

reference_url

https://curl.se/docs/CVE-2011-3389.html

reference_id

reference_type

scores

value	High
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2011-3389.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=737506
reference_id	737506
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=737506

reference_url	https://security.gentoo.org/glsa/201111-02
reference_id	GLSA-201111-02
reference_type
scores
url	https://security.gentoo.org/glsa/201111-02

reference_url	https://security.gentoo.org/glsa/201203-02
reference_id	GLSA-201203-02
reference_type
scores
url	https://security.gentoo.org/glsa/201203-02

reference_url	https://security.gentoo.org/glsa/201301-01
reference_id	GLSA-201301-01
reference_type
scores
url	https://security.gentoo.org/glsa/201301-01

reference_url	https://security.gentoo.org/glsa/201406-32
reference_id	GLSA-201406-32
reference_type
scores
url	https://security.gentoo.org/glsa/201406-32

reference_url	https://access.redhat.com/errata/RHSA-2011:1380
reference_id	RHSA-2011:1380
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2011:1380

reference_url	https://access.redhat.com/errata/RHSA-2011:1384
reference_id	RHSA-2011:1384
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2011:1384

reference_url	https://access.redhat.com/errata/RHSA-2012:0006
reference_id	RHSA-2012:0006
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0006

reference_url	https://access.redhat.com/errata/RHSA-2012:0034
reference_id	RHSA-2012:0034
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0034

reference_url	https://access.redhat.com/errata/RHSA-2012:0343
reference_id	RHSA-2012:0343
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0343

reference_url	https://access.redhat.com/errata/RHSA-2012:0508
reference_id	RHSA-2012:0508
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2012:0508

reference_url	https://access.redhat.com/errata/RHSA-2013:1455
reference_id	RHSA-2013:1455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2013:1455

reference_url	https://usn.ubuntu.com/1263-1/
reference_id	USN-1263-1
reference_type
scores
url	https://usn.ubuntu.com/1263-1/

fixed_packages

url pkg:deb/debian/bouncycastle@1.49%2Bdfsg-3

purl pkg:deb/debian/bouncycastle@1.49%2Bdfsg-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5pwz-mdv3-dkak

vulnerability	VCID-ah8x-azmn-zbgq

vulnerability	VCID-crd1-k1qv-jkec

vulnerability	VCID-k31z-bskx-uuc9

vulnerability	VCID-q8ux-tmpf-sue2

vulnerability	VCID-qap8-a94t-3yac

vulnerability	VCID-qe69-rd9d-4kgg

vulnerability	VCID-rh2m-yftg-7uc9

vulnerability	VCID-sxxg-bjnq-2kf7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.49%252Bdfsg-3

aliases CVE-2011-3389

risk_score 10.0

exploitability 2.0

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-64mt-9155-tkbv

url VCID-ah8x-azmn-zbgq

vulnerability_id VCID-ah8x-azmn-zbgq

summary Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6644.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6644.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-6644

reference_id

reference_type

scores

value	0.00184
scoring_system	epss
scoring_elements	0.39842
published_at	2026-06-04T12:55:00Z

value	0.00184
scoring_system	epss
scoring_elements	0.39926
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-6644

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6644
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6644

reference_url	https://github.com/bcgit/bc-java/commit/25aca54734b861ef109ac4943c4a5f98c0c1b885
reference_id
reference_type
scores
url	https://github.com/bcgit/bc-java/commit/25aca54734b861ef109ac4943c4a5f98c0c1b885

reference_url	https://github.com/bcgit/bc-java/commit/2d80e6cc6f5b78e159dba3277414e3bfea511dea
reference_id
reference_type
scores
url	https://github.com/bcgit/bc-java/commit/2d80e6cc6f5b78e159dba3277414e3bfea511dea

reference_url	https://github.com/bcgit/bc-java/commit/874bab94a5baf426545948116cabe6f4ae338c20
reference_id
reference_type
scores
url	https://github.com/bcgit/bc-java/commit/874bab94a5baf426545948116cabe6f4ae338c20

reference_url	https://github.com/bcgit/bc-java/commit/9bc10bbaa9620d691c58e2b37f31f0d31ceea61f
reference_id
reference_type
scores
url	https://github.com/bcgit/bc-java/commit/9bc10bbaa9620d691c58e2b37f31f0d31ceea61f

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1444015
reference_id	1444015
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1444015

reference_url	https://usn.ubuntu.com/3727-1/
reference_id	USN-3727-1
reference_type
scores
url	https://usn.ubuntu.com/3727-1/

fixed_packages

url pkg:deb/debian/bouncycastle@1.49%2Bdfsg-3%2Bdeb8u2

purl pkg:deb/debian/bouncycastle@1.49%2Bdfsg-3%2Bdeb8u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5pwz-mdv3-dkak

vulnerability	VCID-crd1-k1qv-jkec

vulnerability	VCID-k31z-bskx-uuc9

vulnerability	VCID-q8ux-tmpf-sue2

vulnerability	VCID-qe69-rd9d-4kgg

vulnerability	VCID-rh2m-yftg-7uc9

vulnerability	VCID-sxxg-bjnq-2kf7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.49%252Bdfsg-3%252Bdeb8u2

aliases CVE-2015-6644

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ah8x-azmn-zbgq

url VCID-crd1-k1qv-jkec

vulnerability_id VCID-crd1-k1qv-jkec

summary

Observable Differences in Behavior to Error Inputs in Bouncy Castle
In Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-26939

reference_id

reference_type

scores

value	0.02437
scoring_system	epss
scoring_elements	0.85444
published_at	2026-06-04T12:55:00Z

value	0.02437
scoring_system	epss
scoring_elements	0.85468
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-26939

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26939
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26939

reference_url

https://github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1

reference_url

https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E

reference_url

https://lists.debian.org/debian-lts-announce/2020/11/msg00007.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/11/msg00007.html

reference_url

https://security.netapp.com/advisory/ntap-20201202-0005

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20201202-0005

reference_url

https://github.com/bcgit/bc-java/wiki/CVE-2020-26939

reference_id

CVE-2020-26939

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/bcgit/bc-java/wiki/CVE-2020-26939

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-26939

reference_id

CVE-2020-26939

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-26939

reference_url	https://github.com/advisories/GHSA-72m5-fvvv-55m6
reference_id	GHSA-72m5-fvvv-55m6
reference_type
scores
url	https://github.com/advisories/GHSA-72m5-fvvv-55m6

fixed_packages

url pkg:deb/debian/bouncycastle@1.68-2

purl pkg:deb/debian/bouncycastle@1.68-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7jw5-6bfa-u7a4

vulnerability	VCID-98ws-cchw-a3fe

vulnerability	VCID-c558-uvxv-8fdf

vulnerability	VCID-cqfw-r4um-hyd6

vulnerability	VCID-f47r-4t52-3bgq

vulnerability	VCID-fdgv-77kb-ybat

vulnerability	VCID-s4tz-g6jv-7ub4

vulnerability	VCID-we5n-w376-tkda

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2

aliases CVE-2020-26939, GHSA-72m5-fvvv-55m6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-crd1-k1qv-jkec

url VCID-k31z-bskx-uuc9

vulnerability_id VCID-k31z-bskx-uuc9

summary

Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.

references

reference_url

https://access.redhat.com/errata/RHSA-2018:2423

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2423

reference_url

https://access.redhat.com/errata/RHSA-2018:2424

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2424

reference_url

https://access.redhat.com/errata/RHSA-2018:2425

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2425

reference_url

https://access.redhat.com/errata/RHSA-2018:2428

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2428

reference_url

https://access.redhat.com/errata/RHSA-2018:2643

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:2643

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:0877

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:0877

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000180.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000180.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000180

reference_id

reference_type

scores

value	0.0031
scoring_system	epss
scoring_elements	0.54514
published_at	2026-06-05T12:55:00Z

value	0.00319
scoring_system	epss
scoring_elements	0.55201
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000180

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000180
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000180

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad

reference_url

https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839

reference_url

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E

reference_url

https://security.netapp.com/advisory/ntap-20190204-0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20190204-0003

reference_url

https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test

reference_url

https://www.debian.org/security/2018/dsa-4233

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2018/dsa-4233

reference_url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url

http://www.securityfocus.com/bid/106567

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/106567

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1588306
reference_id	1588306
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1588306

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900843
reference_id	900843
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900843

reference_url

https://github.com/bcgit/bc-java/wiki/CVE-2018-1000180

reference_id

CVE-2018-1000180

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/bcgit/bc-java/wiki/CVE-2018-1000180

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-1000180

reference_id

CVE-2018-1000180

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-1000180

reference_url

https://github.com/advisories/GHSA-xqj7-j8j5-f2xr

reference_id

GHSA-xqj7-j8j5-f2xr

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-xqj7-j8j5-f2xr

fixed_packages

url pkg:deb/debian/bouncycastle@1.56-1%2Bdeb9u2

purl pkg:deb/debian/bouncycastle@1.56-1%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-crd1-k1qv-jkec

vulnerability	VCID-k31z-bskx-uuc9

vulnerability	VCID-q8ux-tmpf-sue2

vulnerability	VCID-qe69-rd9d-4kgg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.56-1%252Bdeb9u2

url pkg:deb/debian/bouncycastle@1.60-1

purl pkg:deb/debian/bouncycastle@1.60-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-crd1-k1qv-jkec

vulnerability	VCID-qe69-rd9d-4kgg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.60-1

aliases CVE-2018-1000180, GHSA-xqj7-j8j5-f2xr

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k31z-bskx-uuc9

url VCID-q8ux-tmpf-sue2

vulnerability_id VCID-q8ux-tmpf-sue2

summary

Observable Discrepancy
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13098.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13098.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-13098

reference_id

reference_type

scores

value	0.68141
scoring_system	epss
scoring_elements	0.98616
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-13098

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13098
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13098

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c

reference_url

https://robotattack.org

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://robotattack.org

reference_url	https://robotattack.org/
reference_id
reference_type
scores
url	https://robotattack.org/

reference_url

https://security.netapp.com/advisory/ntap-20171222-0001

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20171222-0001

reference_url	https://security.netapp.com/advisory/ntap-20171222-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20171222-0001/

reference_url

https://www.debian.org/security/2017/dsa-4072

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.debian.org/security/2017/dsa-4072

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url

http://www.kb.cert.org/vuls/id/144389

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.kb.cert.org/vuls/id/144389

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1525528
reference_id	1525528
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1525528

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884241
reference_id	884241
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884241

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-13098

reference_id

CVE-2017-13098

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-13098

reference_url

https://github.com/advisories/GHSA-wrwf-pmmj-w989

reference_id

GHSA-wrwf-pmmj-w989

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-wrwf-pmmj-w989

fixed_packages

url pkg:deb/debian/bouncycastle@1.56-1%2Bdeb9u2

purl pkg:deb/debian/bouncycastle@1.56-1%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-crd1-k1qv-jkec

vulnerability	VCID-k31z-bskx-uuc9

vulnerability	VCID-q8ux-tmpf-sue2

vulnerability	VCID-qe69-rd9d-4kgg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.56-1%252Bdeb9u2

url pkg:deb/debian/bouncycastle@1.60-1

purl pkg:deb/debian/bouncycastle@1.60-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-crd1-k1qv-jkec

vulnerability	VCID-qe69-rd9d-4kgg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.60-1

aliases CVE-2017-13098, GHSA-wrwf-pmmj-w989

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q8ux-tmpf-sue2

url VCID-qap8-a94t-3yac

vulnerability_id VCID-qap8-a94t-3yac

summary

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."

references

reference_url	http://git.bouncycastle.org/repositories/bc-java/commit/5cb2f0578e6ec8f0d67e59d05d8c4704d8e05f83
reference_id
reference_type
scores
url	http://git.bouncycastle.org/repositories/bc-java/commit/5cb2f0578e6ec8f0d67e59d05d8c4704d8e05f83

reference_url	http://git.bouncycastle.org/repositories/bc-java/commit/e25e94a046a6934819133886439984e2fecb2b04
reference_id
reference_type
scores
url	http://git.bouncycastle.org/repositories/bc-java/commit/e25e94a046a6934819133886439984e2fecb2b04

reference_url

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-2035.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-2035.html

reference_url

http://rhn.redhat.com/errata/RHSA-2016-2036.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2016-2036.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7940.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7940.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-7940

reference_id

reference_type

scores

value	0.00972
scoring_system	epss
scoring_elements	0.76976
published_at	2026-06-04T12:55:00Z

value	0.00972
scoring_system	epss
scoring_elements	0.77008
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-7940

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7940
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7940

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

reference_url

http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html

reference_url

http://www.debian.org/security/2015/dsa-3417

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.debian.org/security/2015/dsa-3417

reference_url

http://www.openwall.com/lists/oss-security/2015/10/22/7

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/10/22/7

reference_url

http://www.openwall.com/lists/oss-security/2015/10/22/9

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2015/10/22/9

reference_url

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

reference_url

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

reference_url

http://www.securityfocus.com/bid/79091

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/79091

reference_url

http://www.securitytracker.com/id/1037036

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1037036

reference_url

http://www.securitytracker.com/id/1037046

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1037046

reference_url

http://www.securitytracker.com/id/1037053

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securitytracker.com/id/1037053

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1276272
reference_id	1276272
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1276272

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802671
reference_id	802671
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802671

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-7940

reference_id

CVE-2015-7940

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-7940

reference_url

https://github.com/advisories/GHSA-4mv7-cq75-3qjm

reference_id

GHSA-4mv7-cq75-3qjm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-4mv7-cq75-3qjm

reference_url	https://access.redhat.com/errata/RHSA-2016:2035
reference_id	RHSA-2016:2035
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2035

reference_url	https://access.redhat.com/errata/RHSA-2016:2036
reference_id	RHSA-2016:2036
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2036

reference_url	https://usn.ubuntu.com/3727-1/
reference_id	USN-3727-1
reference_type
scores
url	https://usn.ubuntu.com/3727-1/

fixed_packages

url pkg:deb/debian/bouncycastle@1.44%2Bdfsg-3.1%2Bdeb7u1

purl pkg:deb/debian/bouncycastle@1.44%2Bdfsg-3.1%2Bdeb7u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5pwz-mdv3-dkak

vulnerability	VCID-64mt-9155-tkbv

vulnerability	VCID-ah8x-azmn-zbgq

vulnerability	VCID-crd1-k1qv-jkec

vulnerability	VCID-k31z-bskx-uuc9

vulnerability	VCID-q8ux-tmpf-sue2

vulnerability	VCID-qap8-a94t-3yac

vulnerability	VCID-qe69-rd9d-4kgg

vulnerability	VCID-rh2m-yftg-7uc9

vulnerability	VCID-sxxg-bjnq-2kf7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.44%252Bdfsg-3.1%252Bdeb7u1

url pkg:deb/debian/bouncycastle@1.49%2Bdfsg-3%2Bdeb8u2

purl pkg:deb/debian/bouncycastle@1.49%2Bdfsg-3%2Bdeb8u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5pwz-mdv3-dkak

vulnerability	VCID-crd1-k1qv-jkec

vulnerability	VCID-k31z-bskx-uuc9

vulnerability	VCID-q8ux-tmpf-sue2

vulnerability	VCID-qe69-rd9d-4kgg

vulnerability	VCID-rh2m-yftg-7uc9

vulnerability	VCID-sxxg-bjnq-2kf7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.49%252Bdfsg-3%252Bdeb8u2

aliases CVE-2015-7940, GHSA-4mv7-cq75-3qjm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qap8-a94t-3yac

url VCID-qe69-rd9d-4kgg

vulnerability_id VCID-qe69-rd9d-4kgg

summary authentication bypass

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28052.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28052.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-28052

reference_id

reference_type

scores

value	0.04099
scoring_system	epss
scoring_elements	0.88804
published_at	2026-06-05T12:55:00Z

value	0.04099
scoring_system	epss
scoring_elements	0.88787
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-28052

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/bcgit/bc-java/commit/97578f9b7ed277e6ecb58834e85e3d18385a4219

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/bcgit/bc-java/commit/97578f9b7ed277e6ecb58834e85e3d18385a4219

reference_url

https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc@%3Ccommits.pulsar.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc@%3Ccommits.pulsar.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E

reference_url

https://www.bouncycastle.org/releasenotes.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.bouncycastle.org/releasenotes.html

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url

https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1912881
reference_id	1912881
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1912881

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977683
reference_id	977683
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977683

reference_url

https://security.archlinux.org/AVG-1372

reference_id

AVG-1372

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1372

reference_url

https://github.com/bcgit/bc-java/wiki/CVE-2020-28052

reference_id

CVE-2020-28052

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/bcgit/bc-java/wiki/CVE-2020-28052

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-28052

reference_id

CVE-2020-28052

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-28052

reference_url	https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/
reference_id	CVE-2020-28052-BOUNCY-CASTLE
reference_type
scores
url	https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/

reference_url	https://github.com/advisories/GHSA-73xv-w5gp-frxh
reference_id	GHSA-73xv-w5gp-frxh
reference_type
scores
url	https://github.com/advisories/GHSA-73xv-w5gp-frxh

reference_url	https://access.redhat.com/errata/RHSA-2021:0872
reference_id	RHSA-2021:0872
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0872

reference_url	https://access.redhat.com/errata/RHSA-2021:0873
reference_id	RHSA-2021:0873
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0873

reference_url	https://access.redhat.com/errata/RHSA-2021:0874
reference_id	RHSA-2021:0874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0874

reference_url	https://access.redhat.com/errata/RHSA-2021:0885
reference_id	RHSA-2021:0885
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0885

reference_url	https://access.redhat.com/errata/RHSA-2021:0974
reference_id	RHSA-2021:0974
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0974

reference_url	https://access.redhat.com/errata/RHSA-2021:1401
reference_id	RHSA-2021:1401
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1401

reference_url	https://access.redhat.com/errata/RHSA-2021:2210
reference_id	RHSA-2021:2210
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2210

reference_url	https://access.redhat.com/errata/RHSA-2021:2755
reference_id	RHSA-2021:2755
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2755

reference_url	https://access.redhat.com/errata/RHSA-2021:3140
reference_id	RHSA-2021:3140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3140

reference_url	https://access.redhat.com/errata/RHSA-2021:3205
reference_id	RHSA-2021:3205
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3205

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

fixed_packages

url pkg:deb/debian/bouncycastle@1.68-2

purl pkg:deb/debian/bouncycastle@1.68-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7jw5-6bfa-u7a4

vulnerability	VCID-98ws-cchw-a3fe

vulnerability	VCID-c558-uvxv-8fdf

vulnerability	VCID-cqfw-r4um-hyd6

vulnerability	VCID-f47r-4t52-3bgq

vulnerability	VCID-fdgv-77kb-ybat

vulnerability	VCID-s4tz-g6jv-7ub4

vulnerability	VCID-we5n-w376-tkda

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2

aliases CVE-2020-28052, GHSA-73xv-w5gp-frxh

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qe69-rd9d-4kgg

url VCID-rh2m-yftg-7uc9

vulnerability_id VCID-rh2m-yftg-7uc9

summary

The Bouncy Castle JCE Provider carry a propagation bug
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000340.json

reference_url

reference_id

reference_type

scores

value	2.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000340.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1000340

reference_id

reference_type

scores

value	0.00397
scoring_system	epss
scoring_elements	0.60929
published_at	2026-06-05T12:55:00Z

value	0.00397
scoring_system	epss
scoring_elements	0.6088
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1000340

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000340
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000340

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31

reference_url	https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00
reference_id
reference_type
scores
url	https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31

reference_url

https://security.netapp.com/advisory/ntap-20181127-0004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20181127-0004

reference_url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2020.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1588688
reference_id	1588688
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1588688

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-1000340

reference_id

CVE-2016-1000340

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-1000340

reference_url

https://github.com/advisories/GHSA-r97x-3g8f-gx3m

reference_id

GHSA-r97x-3g8f-gx3m

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-r97x-3g8f-gx3m

fixed_packages

url pkg:deb/debian/bouncycastle@1.56-1%2Bdeb9u2

purl pkg:deb/debian/bouncycastle@1.56-1%2Bdeb9u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-crd1-k1qv-jkec

vulnerability	VCID-k31z-bskx-uuc9

vulnerability	VCID-q8ux-tmpf-sue2

vulnerability	VCID-qe69-rd9d-4kgg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.56-1%252Bdeb9u2

aliases CVE-2016-1000340, GHSA-r97x-3g8f-gx3m

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rh2m-yftg-7uc9

url VCID-sxxg-bjnq-2kf7

vulnerability_id VCID-sxxg-bjnq-2kf7

summary

Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.

references

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000341.json

reference_url

reference_id

reference_type

scores

value	5.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000341.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-1000341

reference_id

reference_type

scores

value	0.00802
scoring_system	epss
scoring_elements	0.74477
published_at	2026-06-05T12:55:00Z

value	0.00802
scoring_system	epss
scoring_elements	0.74445
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-1000341

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000341
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000341

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa#diff-e75226a9ca49217a7276b29242ec59ce

reference_url	https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa
reference_id
reference_type
scores
url	https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa#diff-e75226a9ca49217a7276b29242ec59ce

reference_url

https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html

reference_url

https://security.netapp.com/advisory/ntap-20181127-0004

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20181127-0004

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url