{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","type":"deb","namespace":"debian","name":"bouncycastle","version":"1.72-2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.77-1","latest_non_vulnerable_version":"1.80-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19635?format=json","vulnerability_id":"VCID-2j9r-6zbp-m3bz","summary":"Bouncy Castle affected by timing side-channel for RSA key exchange (\"The Marvin Attack\")\nAn issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30171.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30171.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-30171","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27557","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27541","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27622","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.276","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27538","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.2771","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27786","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27898","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27981","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28029","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28045","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28037","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28094","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28137","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28131","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28535","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2868","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2873","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28601","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-30171"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30171","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30171"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/bcgit/bc-csharp/commit/c984b8bfd8544dfc55dba91a02cbbbb9c580c217","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-csharp/commit/c984b8bfd8544dfc55dba91a02cbbbb9c580c217"},{"reference_url":"https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/"}],"url":"https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171"},{"reference_url":"https://github.com/bcgit/bc-java/commit/d7d5e735abd64bf0f413f54fd9e495fc02400fb0","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/d7d5e735abd64bf0f413f54fd9e495fc02400fb0"},{"reference_url":"https://github.com/bcgit/bc-java/commit/e0569dcb1dea9d421d84fc4c5c5688fe101afa2d","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/e0569dcb1dea9d421d84fc4c5c5688fe101afa2d"},{"reference_url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/"}],"url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-30171","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-30171"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240614-0008","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240614-0008"},{"reference_url":"https://www.bouncycastle.org/latest_releases.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/"}],"url":"https://www.bouncycastle.org/latest_releases.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655","reference_id":"1070655","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276360","reference_id":"2276360","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276360"},{"reference_url":"https://github.com/advisories/GHSA-v435-xc8x-wvr9","reference_id":"GHSA-v435-xc8x-wvr9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v435-xc8x-wvr9"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240614-0008/","reference_id":"ntap-20240614-0008","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T17:18:15Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240614-0008/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4173","reference_id":"RHSA-2024:4173","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4173"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4271","reference_id":"RHSA-2024:4271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4326","reference_id":"RHSA-2024:4326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4505","reference_id":"RHSA-2024:4505","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4505"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5479","reference_id":"RHSA-2024:5479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5481","reference_id":"RHSA-2024:5481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5482","reference_id":"RHSA-2024:5482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5482"},{"reference_url":"https://usn.ubuntu.com/8108-1/","reference_id":"USN-8108-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8108-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/921577?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2024-30171","GHSA-v435-xc8x-wvr9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2j9r-6zbp-m3bz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/352742?format=json","vulnerability_id":"VCID-37ce-hamd-wuda","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5598.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5598.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5598","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04801","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04901","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04852","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04856","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0484","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04947","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0495","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04945","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05165","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13788","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13783","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5598"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/bcgit/bc-java","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/S:P/AU:Y/U:Red"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134386","reference_id":"1134386","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134386"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458635","reference_id":"2458635","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458635"},{"reference_url":"https://github.com/bcgit/bc-java/commit/8692e6b2b191fc4aafa32545c7a78bdb9bf110c5","reference_id":"8692e6b2b191fc4aafa32545c7a78bdb9bf110c5","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/S:P/AU:Y/U:Red"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T13:11:48Z/"}],"url":"https://github.com/bcgit/bc-java/commit/8692e6b2b191fc4aafa32545c7a78bdb9bf110c5"},{"reference_url":"https://github.com/bcgit/bc-java/commit/94abbd56413dfdac651fd878bc60253871ef5e87","reference_id":"94abbd56413dfdac651fd878bc60253871ef5e87","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/S:P/AU:Y/U:Red"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T13:11:48Z/"}],"url":"https://github.com/bcgit/bc-java/commit/94abbd56413dfdac651fd878bc60253871ef5e87"},{"reference_url":"https://github.com/bcgit/bc-java/wiki/CVE-2026-5598","reference_id":"CVE-2026-5598","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/S:P/AU:Y/U:Red"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/wiki/CVE-2026-5598"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5598","reference_id":"CVE-2026-5598","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/S:P/AU:Y/U:Red"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-5598"},{"reference_url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905598","reference_id":"CVE%E2%80%902026%E2%80%905598","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:U/S:P/AU:Y/U:Red"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T13:11:48Z/"}],"url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905598"},{"reference_url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905998","reference_id":"CVE%E2%80%902026%E2%80%905998","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-04-15T13:11:48Z/"}],"url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902026%E2%80%905998"},{"reference_url":"https://github.com/advisories/GHSA-p93r-85wp-75v3","reference_id":"GHSA-p93r-85wp-75v3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p93r-85wp-75v3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12267","reference_id":"RHSA-2026:12267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:12269","reference_id":"RHSA-2026:12269","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:12269"}],"fixed_packages":[],"aliases":["CVE-2026-5598","GHSA-p93r-85wp-75v3"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37ce-hamd-wuda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19725?format=json","vulnerability_id":"VCID-4rs8-tp92-p7ck","summary":"Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.\nAn issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29857.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29857.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29857","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40956","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40999","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41031","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40652","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.4058","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40601","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.41005","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.4067","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40576","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48606","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48506","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48558","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48563","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.4861","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.4856","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48547","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48574","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00252","scoring_system":"epss","scoring_elements":"0.48553","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29857"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/bcgit/bc-csharp/commit/56daa6eac526f165416d17f661422d60de0dfd63","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-csharp/commit/56daa6eac526f165416d17f661422d60de0dfd63"},{"reference_url":"https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:32:50Z/"}],"url":"https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9029857"},{"reference_url":"https://github.com/bcgit/bc-java/commit/efc498ca4caa340ac2fe11f2efee06c1a294501f","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/efc498ca4caa340ac2fe11f2efee06c1a294501f"},{"reference_url":"https://github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/fee80dd230e7fba132d03a34f1dd1d6aae0d0281"},{"reference_url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:32:50Z/"}],"url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9029857"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29857","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29857"},{"reference_url":"https://security.netapp.com/advisory/ntap-20241206-0008","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20241206-0008"},{"reference_url":"https://www.bouncycastle.org/latest_releases.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T19:32:50Z/"}],"url":"https://www.bouncycastle.org/latest_releases.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655","reference_id":"1070655","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2293028","reference_id":"2293028","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2293028"},{"reference_url":"https://github.com/advisories/GHSA-8xfc-gm6g-vgpv","reference_id":"GHSA-8xfc-gm6g-vgpv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8xfc-gm6g-vgpv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4271","reference_id":"RHSA-2024:4271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4326","reference_id":"RHSA-2024:4326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4505","reference_id":"RHSA-2024:4505","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4505"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5479","reference_id":"RHSA-2024:5479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5481","reference_id":"RHSA-2024:5481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5482","reference_id":"RHSA-2024:5482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5482"},{"reference_url":"https://usn.ubuntu.com/8108-1/","reference_id":"USN-8108-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8108-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/921577?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2024-29857","GHSA-8xfc-gm6g-vgpv"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4rs8-tp92-p7ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18171?format=json","vulnerability_id":"VCID-abxq-7eq3-g7dp","summary":"Improper Certificate Validation\nBouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33201.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33201.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33201","reference_id":"","reference_type":"","scores":[{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53275","published_at":"2026-04-07T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53368","published_at":"2026-04-18T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53363","published_at":"2026-04-16T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53325","published_at":"2026-04-13T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53342","published_at":"2026-04-12T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53358","published_at":"2026-04-11T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.5328","published_at":"2026-04-02T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53307","published_at":"2026-04-09T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53327","published_at":"2026-04-08T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53306","published_at":"2026-04-04T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53318","published_at":"2026-05-11T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53357","published_at":"2026-05-09T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53304","published_at":"2026-05-07T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53254","published_at":"2026-05-05T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53295","published_at":"2026-04-29T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53332","published_at":"2026-04-26T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.5332","published_at":"2026-04-24T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53348","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00326","scoring_system":"epss","scoring_elements":"0.55553","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33201"},{"reference_url":"https://bouncycastle.org","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/"}],"url":"https://bouncycastle.org"},{"reference_url":"https://bouncycastle.org/releasenotes.html#r1rv74","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bouncycastle.org/releasenotes.html#r1rv74"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33201"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/bcgit/bc-java","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java"},{"reference_url":"https://github.com/bcgit/bc-java/commit/ccf93ca736b89250ff4ce079a5aa56f5cbf0ebbd","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/ccf93ca736b89250ff4ce079a5aa56f5cbf0ebbd"},{"reference_url":"https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/"}],"url":"https://github.com/bcgit/bc-java/commit/e8c409a8389c815ea3fda5e8b94c92fdfe583bcc"},{"reference_url":"https://github.com/bcgit/bc-java/commits/main/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commits/main/prov/src/main/java/org/bouncycastle/jce/provider/X509LDAPCertStoreSpi.java"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00000.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230824-0008","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20230824-0008"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230824-0008/","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230824-0008/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040050","reference_id":"1040050","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040050"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2215465","reference_id":"2215465","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2215465"},{"reference_url":"https://github.com/bcgit/bc-java/wiki/CVE-2023-33201","reference_id":"CVE-2023-33201","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T15:47:56Z/"}],"url":"https://github.com/bcgit/bc-java/wiki/CVE-2023-33201"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33201","reference_id":"CVE-2023-33201","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33201"},{"reference_url":"https://github.com/advisories/GHSA-hr8g-6v94-x4m9","reference_id":"GHSA-hr8g-6v94-x4m9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hr8g-6v94-x4m9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5147","reference_id":"RHSA-2023:5147","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5147"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5165","reference_id":"RHSA-2023:5165","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7482","reference_id":"RHSA-2023:7482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7483","reference_id":"RHSA-2023:7483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7484","reference_id":"RHSA-2023:7484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7486","reference_id":"RHSA-2023:7486","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7486"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7488","reference_id":"RHSA-2023:7488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7488"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7669","reference_id":"RHSA-2023:7669","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:7678","reference_id":"RHSA-2023:7678","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:7678"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:0278","reference_id":"RHSA-2024:0278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:0278"},{"reference_url":"https://usn.ubuntu.com/8108-1/","reference_id":"USN-8108-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8108-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/921576?format=json","purl":"pkg:deb/debian/bouncycastle@1.77-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.77-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2023-33201","GHSA-hr8g-6v94-x4m9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-abxq-7eq3-g7dp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19354?format=json","vulnerability_id":"VCID-d5x5-hcjh-efcr","summary":"Bouncy Castle crafted signature and public key can be used to trigger an infinite loop\nAn issue was discovered in Bouncy Castle Java Cryptography APIs starting in 1.73 and before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30172.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30172.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-30172","reference_id":"","reference_type":"","scores":[{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22462","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22446","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22477","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22401","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22315","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22412","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22414","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22424","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22579","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22627","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.2263","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22615","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22673","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22713","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23136","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2318","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2297","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23043","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23096","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-30172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30172"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030172","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030172"},{"reference_url":"https://github.com/bcgit/bc-java/commit/1b9fd9b545e691bfb3941a9f6a797660c8860f02","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/1b9fd9b545e691bfb3941a9f6a797660c8860f02"},{"reference_url":"https://github.com/bcgit/bc-java/commit/9c165791b68a204678b48ec11e4e579754c2ea49","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/9c165791b68a204678b48ec11e4e579754c2ea49"},{"reference_url":"https://github.com/bcgit/bc-java/commit/ebe1c75579170072dc59b8dee2b55ce31663178f","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/ebe1c75579170072dc59b8dee2b55ce31663178f"},{"reference_url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030172","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030172"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-30172","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-30172"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240614-0007","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240614-0007"},{"reference_url":"https://www.bouncycastle.org/latest_releases.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-05T13:44:28Z/"}],"url":"https://www.bouncycastle.org/latest_releases.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655","reference_id":"1070655","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2293025","reference_id":"2293025","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2293025"},{"reference_url":"https://github.com/advisories/GHSA-m44j-cfrm-g8qc","reference_id":"GHSA-m44j-cfrm-g8qc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m44j-cfrm-g8qc"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240614-0007/","reference_id":"ntap-20240614-0007","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-05T13:44:28Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240614-0007/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4271","reference_id":"RHSA-2024:4271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4326","reference_id":"RHSA-2024:4326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4505","reference_id":"RHSA-2024:4505","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4505"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5479","reference_id":"RHSA-2024:5479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5481","reference_id":"RHSA-2024:5481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5482","reference_id":"RHSA-2024:5482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5482"},{"reference_url":"https://usn.ubuntu.com/8108-1/","reference_id":"USN-8108-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8108-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/921577?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2024-30172","GHSA-m44j-cfrm-g8qc"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d5x5-hcjh-efcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19837?format=json","vulnerability_id":"VCID-e4j2-7rmt-17bf","summary":"Bouncy Castle Java Cryptography API vulnerable to DNS poisoning\nAn issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34447.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-34447.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34447","reference_id":"","reference_type":"","scores":[{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27859","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27839","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27922","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27895","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00104","scoring_system":"epss","scoring_elements":"0.27831","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28928","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28887","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28819","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.29012","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28963","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33831","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34388","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34348","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34325","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.3436","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34347","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.34307","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33937","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00141","scoring_system":"epss","scoring_elements":"0.33916","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34447"},{"reference_url":"http://security.netapp.com/advisory/ntap-20240614-0007","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.netapp.com/advisory/ntap-20240614-0007"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/bcgit/bc-java","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java"},{"reference_url":"https://github.com/bcgit/bc-java/issues/1656","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/issues/1656"},{"reference_url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-16T18:10:40Z/"}],"url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9034447"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34447","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34447"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240614-0007","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240614-0007"},{"reference_url":"https://www.bouncycastle.org/latest_releases.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-16T18:10:40Z/"}],"url":"https://www.bouncycastle.org/latest_releases.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655","reference_id":"1070655","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070655"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2279227","reference_id":"2279227","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2279227"},{"reference_url":"https://github.com/advisories/GHSA-4h8f-2wvx-gg5w","reference_id":"GHSA-4h8f-2wvx-gg5w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4h8f-2wvx-gg5w"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240614-0007/","reference_id":"ntap-20240614-0007","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-16T18:10:40Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240614-0007/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4271","reference_id":"RHSA-2024:4271","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4271"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4326","reference_id":"RHSA-2024:4326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4326"},{"reference_url":"https://usn.ubuntu.com/8108-1/","reference_id":"USN-8108-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8108-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/921577?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2024-34447","GHSA-4h8f-2wvx-gg5w"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e4j2-7rmt-17bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27538?format=json","vulnerability_id":"VCID-rary-mqyu-2yes","summary":"Bouncy Castle for Java on All (API modules) allows Excessive Allocation\nA resource allocation vulnerability exists in Bouncy Castle for Java (by Legion of the Bouncy Castle Inc.) that affects all API modules. The vulnerability allows attackers to cause excessive memory allocation through unbounded resource consumption, potentially leading to denial of service. The issue is located in the ASN1ObjectIdentifier.java file in the core module.\n\nThis issue affects Bouncy Castle for Java: from BC 1.0 through 1.77, from BC-FJA 1.0.0 through 2.0.0.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8885.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8885.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8885","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21551","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21601","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21659","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21745","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21697","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.218","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21686","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21628","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.216","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22706","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.227","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22872","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22909","published_at":"2026-04-18T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27408","published_at":"2026-04-29T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.273","published_at":"2026-05-07T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27239","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29119","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29176","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29099","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8885"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8885","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8885"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/bcgit/bc-java","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java"},{"reference_url":"https://github.com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java"},{"reference_url":"https://github.com/bcgit/bc-java/commit/3790993df5d28f661a64439a8664343437ed3865","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/3790993df5d28f661a64439a8664343437ed3865"},{"reference_url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908885","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T18:14:28Z/"}],"url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908885"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8885","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8885"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2387790","reference_id":"2387790","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2387790"},{"reference_url":"https://github.com/advisories/GHSA-67mf-3cr5-8w23","reference_id":"GHSA-67mf-3cr5-8w23","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-67mf-3cr5-8w23"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/921577?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2025-8885","GHSA-67mf-3cr5-8w23"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rary-mqyu-2yes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19918?format=json","vulnerability_id":"VCID-sz15-payv-uyab","summary":"Uncontrolled Resource Consumption\nBouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. This class parses OpenSSL PEM encoded streams containing X.509 certificates, PKCS8 encoded keys, and PKCS7 objects. Parsing a file that has crafted ASN.1 data through the PEMParser causes an OutOfMemoryError, which can enable a denial of service attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33202.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-33202.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33202","reference_id":"","reference_type":"","scores":[{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36339","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36317","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36401","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36373","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36816","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36776","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36827","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36842","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36851","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36791","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.363","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36415","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36503","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36534","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36911","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36761","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36821","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36837","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36944","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-33202"},{"reference_url":"https://bouncycastle.org","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T17:51:39Z/"}],"url":"https://bouncycastle.org"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33202"},{"reference_url":"https://github.com/bcgit/bc-java","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java"},{"reference_url":"https://github.com/bcgit/bc-java/commit/0c576892862ed41894f49a8f639112e8d66d229c","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/0c576892862ed41894f49a8f639112e8d66d229c"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240125-0001","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20240125-0001"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056754","reference_id":"1056754","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056754"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251281","reference_id":"2251281","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2251281"},{"reference_url":"https://github.com/bcgit/bc-java/wiki/CVE-2023-33202","reference_id":"CVE-2023-33202","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T17:51:39Z/"}],"url":"https://github.com/bcgit/bc-java/wiki/CVE-2023-33202"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33202","reference_id":"CVE-2023-33202","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-33202"},{"reference_url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902023%E2%80%9033202","reference_id":"CVE%E2%80%902023%E2%80%9033202","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T17:51:39Z/"}],"url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902023%E2%80%9033202"},{"reference_url":"https://github.com/advisories/GHSA-wjxj-5m7g-mg7q","reference_id":"GHSA-wjxj-5m7g-mg7q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wjxj-5m7g-mg7q"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240125-0001/","reference_id":"ntap-20240125-0001","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T17:51:39Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240125-0001/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/921576?format=json","purl":"pkg:deb/debian/bouncycastle@1.77-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.77-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2023-33202","GHSA-wjxj-5m7g-mg7q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sz15-payv-uyab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/27476?format=json","vulnerability_id":"VCID-wqgc-hd9r-zuek","summary":"Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files  https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertP... https://github.Com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.java ,  https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathRevi... https://github.Com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java .\n\nThis issue affects Bouncy Castle for Java: from BC 1.44 through 1.78, from BCPKIX FIPS 1.0.0 through 1.0.7, from BCPKIX FIPS 2.0.0 through 2.0.7.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8916.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8916.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8916","reference_id":"","reference_type":"","scores":[{"value":"0.00032","scoring_system":"epss","scoring_elements":"0.09314","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10778","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10747","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.1081","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10618","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10662","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10738","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10795","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10809","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.10754","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1183","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11713","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.11751","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19616","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19693","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19709","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24376","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24394","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24441","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-8916"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8916","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8916"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/bcgit/bc-java","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java"},{"reference_url":"https://github.com/bcgit/bc-java/commit/310b30a4fbf36d13f6cc201ffa7771715641e67e","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/310b30a4fbf36d13f6cc201ffa7771715641e67e"},{"reference_url":"https://github.com/bcgit/bc-java/commit/ff444a479942d88de64004dc82c3ee32a9e9075a","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/ff444a479942d88de64004dc82c3ee32a9e9075a"},{"reference_url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908916","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-13T13:13:37Z/"}],"url":"https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902025%E2%80%908916"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8916","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-8916"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2388195","reference_id":"2388195","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2388195"},{"reference_url":"https://github.com/advisories/GHSA-4cx2-fc23-5wg6","reference_id":"GHSA-4cx2-fc23-5wg6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4cx2-fc23-5wg6"},{"reference_url":"https://usn.ubuntu.com/8108-1/","reference_id":"USN-8108-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8108-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/921577?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2025-8916","GHSA-4cx2-fc23-5wg6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqgc-hd9r-zuek"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11034?format=json","vulnerability_id":"VCID-2u8v-56gn-8uc2","summary":"Timing based private key exposure in Bouncy Castle\nBouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.2.1, BC before 1.66, BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15522.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15522.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15522","reference_id":"","reference_type":"","scores":[{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60973","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60947","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60984","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60924","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60876","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60927","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60935","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00403","scoring_system":"epss","scoring_elements":"0.60922","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.6856","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68546","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68565","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68583","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68611","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68629","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68654","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68641","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68612","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68651","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68662","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0057","scoring_system":"epss","scoring_elements":"0.68642","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15522"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15522","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15522"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210622-0007","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210622-0007"},{"reference_url":"https://www.bouncycastle.org/releasenotes.html","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.bouncycastle.org/releasenotes.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1962879","reference_id":"1962879","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1962879"},{"reference_url":"https://github.com/bcgit/bc-csharp/wiki/CVE-2020-15522","reference_id":"CVE-2020-15522","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-csharp/wiki/CVE-2020-15522"},{"reference_url":"https://github.com/bcgit/bc-java/wiki/CVE-2020-15522","reference_id":"CVE-2020-15522","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/wiki/CVE-2020-15522"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15522","reference_id":"CVE-2020-15522","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15522"},{"reference_url":"https://github.com/advisories/GHSA-6xx3-rg99-gc3p","reference_id":"GHSA-6xx3-rg99-gc3p","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xx3-rg99-gc3p"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1401","reference_id":"RHSA-2021:1401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2755","reference_id":"RHSA-2021:2755","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2755"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5134","reference_id":"RHSA-2021:5134","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5134"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1013","reference_id":"RHSA-2022:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1029","reference_id":"RHSA-2022:1029","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1029"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585096?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2020-15522","GHSA-6xx3-rg99-gc3p"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2u8v-56gn-8uc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4692?format=json","vulnerability_id":"VCID-31h9-7jrr-9kdt","summary":"In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2669","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2927","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000340.json","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000340.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000340","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60605","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60627","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60601","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60641","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60557","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60573","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60594","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60579","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60558","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60599","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60593","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60584","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60537","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60436","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.6059","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60578","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60512","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60538","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60508","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000340"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000340","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000340"},{"reference_url":"https://github.com/bcgit/bc-java","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java"},{"reference_url":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00"},{"reference_url":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/790642084c4e0cadd47352054f868cc8397e2c00#diff-e5934feac8203ca0104ab291a3560a31"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181127-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20181127-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181127-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20181127-0004/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588688","reference_id":"1588688","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588688"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000340","reference_id":"CVE-2016-1000340","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000340"},{"reference_url":"https://github.com/advisories/GHSA-r97x-3g8f-gx3m","reference_id":"GHSA-r97x-3g8f-gx3m","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r97x-3g8f-gx3m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583390?format=json","purl":"pkg:deb/debian/bouncycastle@1.56-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2016-1000340","GHSA-r97x-3g8f-gx3m"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-31h9-7jrr-9kdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56467?format=json","vulnerability_id":"VCID-4kq8-fsqc-4qdn","summary":"Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability\nThe Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to \"a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes.\"","references":[{"reference_url":"http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580","reference_id":"","reference_type":"","scores":[],"url":"http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6721.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6721.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6721","reference_id":"","reference_type":"","scores":[{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.75097","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.75043","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.75048","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.75051","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.75058","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.75084","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.75108","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.75089","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.74927","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.7493","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.74959","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.74933","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.74967","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.74979","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.75001","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.74981","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.74971","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.75007","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.75015","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00856","scoring_system":"epss","scoring_elements":"0.75005","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6721"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6721"},{"reference_url":"https://github.com/bcgit/bc-java","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2007-6721","reference_id":"","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:C/I:C/A:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-6721"},{"reference_url":"https://web.archive.org/web/20071022023551/http://www.bouncycastle.org/csharp","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20071022023551/http://www.bouncycastle.org/csharp"},{"reference_url":"https://web.archive.org/web/20071022023551/http://www.bouncycastle.org/csharp/","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20071022023551/http://www.bouncycastle.org/csharp/"},{"reference_url":"https://web.archive.org/web/20080316202318/http://www.bouncycastle.org:80/releasenotes.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20080316202318/http://www.bouncycastle.org:80/releasenotes.html"},{"reference_url":"http://www.bouncycastle.org/csharp/","reference_id":"","reference_type":"","scores":[],"url":"http://www.bouncycastle.org/csharp/"},{"reference_url":"http://www.bouncycastle.org/devmailarchive/msg08195.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.bouncycastle.org/devmailarchive/msg08195.html"},{"reference_url":"http://www.bouncycastle.org/releasenotes.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.bouncycastle.org/releasenotes.html"},{"reference_url":"http://www.osvdb.org/50358","reference_id":"","reference_type":"","scores":[],"url":"http://www.osvdb.org/50358"},{"reference_url":"http://www.osvdb.org/50359","reference_id":"","reference_type":"","scores":[],"url":"http://www.osvdb.org/50359"},{"reference_url":"http://www.osvdb.org/50360","reference_id":"","reference_type":"","scores":[],"url":"http://www.osvdb.org/50360"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=494053","reference_id":"494053","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=494053"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.01:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.01:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.01:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.02:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.02:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.02:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.03:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.03:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.03:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.05:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.05:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.05:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.06:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.06:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.06:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.07:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.07:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.07:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.08:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.08:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.08:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.09:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.09:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.09:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.34:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.34:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.34:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.35:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.35:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.35:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.36:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.36:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.36:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.01:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.01:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.01:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.02:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.02:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.02:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.03:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.03:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.03:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.05:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.05:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.05:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.06:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.06:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.06:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.07:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.07:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.07:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.08:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.08:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.08:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.09:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.09:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.09:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.34:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.34:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.34:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-m26p-m559-g5j5","reference_id":"GHSA-m26p-m559-g5j5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m26p-m559-g5j5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585583?format=json","purl":"pkg:deb/debian/bouncycastle@1.38-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.38-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2007-6721","GHSA-m26p-m559-g5j5"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4kq8-fsqc-4qdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15835?format=json","vulnerability_id":"VCID-ahmw-gd8w-f7cd","summary":"Improper Input Validation in Bouncy Castle\nThe TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.","references":[{"reference_url":"http://openwall.com/lists/oss-security/2013/02/05/24","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openwall.com/lists/oss-security/2013/02/05/24"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0371.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0371.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-0372.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2014-0372.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1624.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1624.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1624","reference_id":"","reference_type":"","scores":[{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59883","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59845","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.5983","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59793","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.5984","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59899","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59856","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.5971","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59783","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59807","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59777","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59828","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59842","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59862","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59846","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59827","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59865","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59872","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59857","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1624"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1624"},{"reference_url":"http://secunia.com/advisories/57716","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/57716"},{"reference_url":"http://secunia.com/advisories/57719","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://secunia.com/advisories/57719"},{"reference_url":"http://www.isg.rhul.ac.uk/tls/TLStiming.pdf","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699885","reference_id":"699885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699885"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=908428","reference_id":"908428","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=908428"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.01:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.01:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.01:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.02:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.02:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.02:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.03:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.03:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.03:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.05:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.05:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.05:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.06:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.06:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.06:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.07:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.07:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.07:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.08:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.08:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.08:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.09:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.09:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.09:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.30:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.30:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.30:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.31:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.31:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.31:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.32:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.32:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.32:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.34:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.34:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.34:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.35:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.35:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.35:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.36:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.36:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.36:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.37:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.37:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.37:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.38:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.38:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.38:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.39:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.39:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.39:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.40:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.40:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.40:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.41:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.41:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.41:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.42:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.42:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.42:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.43:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.43:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.43:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.44:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.44:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.44:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.45:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.45:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.45:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.46:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.46:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.46:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.47:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.47:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.47:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1624","reference_id":"CVE-2013-1624","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1624"},{"reference_url":"https://github.com/advisories/GHSA-8353-fgcr-xfhx","reference_id":"GHSA-8353-fgcr-xfhx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8353-fgcr-xfhx"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0400","reference_id":"RHSA-2014:0400","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0400"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0401","reference_id":"RHSA-2014:0401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0896","reference_id":"RHSA-2014:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0896"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586607?format=json","purl":"pkg:deb/debian/bouncycastle@1.48%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.48%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2013-1624","GHSA-8353-fgcr-xfhx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ahmw-gd8w-f7cd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35118?format=json","vulnerability_id":"VCID-amzx-sbps-xke5","summary":"Logic error in Legion of the Bouncy Castle BC Java\nAn issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28052.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28052.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28052","reference_id":"","reference_type":"","scores":[{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88671","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88659","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88662","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88649","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88634","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88623","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88624","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88619","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88602","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88605","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88539","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88609","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88595","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88603","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88591","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88586","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88568","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88547","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04099","scoring_system":"epss","scoring_elements":"0.88565","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-28052"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052"},{"reference_url":"https://github.com/bcgit/bc-java","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java"},{"reference_url":"https://github.com/bcgit/bc-java/commit/97578f9b7ed277e6ecb58834e85e3d18385a4219","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/97578f9b7ed277e6ecb58834e85e3d18385a4219"},{"reference_url":"https://github.com/bcgit/bc-java/wiki/CVE-2020-28052","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/wiki/CVE-2020-28052"},{"reference_url":"https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc@%3Ccommits.pulsar.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc@%3Ccommits.pulsar.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28052","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-28052"},{"reference_url":"https://www.bouncycastle.org/releasenotes.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.bouncycastle.org/releasenotes.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2022.html"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2022.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2021.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"reference_url":"https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912881","reference_id":"1912881","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1912881"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977683","reference_id":"977683","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977683"},{"reference_url":"https://security.archlinux.org/AVG-1372","reference_id":"AVG-1372","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1372"},{"reference_url":"https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/","reference_id":"CVE-2020-28052-BOUNCY-CASTLE","reference_type":"","scores":[],"url":"https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/"},{"reference_url":"https://github.com/advisories/GHSA-73xv-w5gp-frxh","reference_id":"GHSA-73xv-w5gp-frxh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-73xv-w5gp-frxh"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0872","reference_id":"RHSA-2021:0872","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0872"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0873","reference_id":"RHSA-2021:0873","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0873"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0874","reference_id":"RHSA-2021:0874","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0874"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0885","reference_id":"RHSA-2021:0885","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0974","reference_id":"RHSA-2021:0974","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0974"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1401","reference_id":"RHSA-2021:1401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1401"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2210","reference_id":"RHSA-2021:2210","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2210"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2755","reference_id":"RHSA-2021:2755","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2755"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3205","reference_id":"RHSA-2021:3205","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3205"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4767","reference_id":"RHSA-2021:4767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4767"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/585053?format=json","purl":"pkg:deb/debian/bouncycastle@1.65-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.65-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2020-28052","GHSA-73xv-w5gp-frxh"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-amzx-sbps-xke5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35763?format=json","vulnerability_id":"VCID-b1m6-r1bv-d7gr","summary":"Multiple vulnerabilities have been found in PolarSSL, the worst of\n    which might allow a remote attacker to cause a Denial of Service condition.","references":[{"reference_url":"http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/","reference_id":"","reference_type":"","scores":[],"url":"http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"},{"reference_url":"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=136396549913849&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=136396549913849&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136432043316835&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=136432043316835&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136439120408139&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=136439120408139&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=136733161405818&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=136733161405818&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=137545771702053&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=137545771702053&w=2"},{"reference_url":"http://openwall.com/lists/oss-security/2013/02/05/24","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2013/02/05/24"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0587.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0587.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0782.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0782.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0783.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0783.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0833.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0833.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1455.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-1455.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1456.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-1456.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0169.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0169.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0169","reference_id":"","reference_type":"","scores":[{"value":"0.00773","scoring_system":"epss","scoring_elements":"0.73578","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00773","scoring_system":"epss","scoring_elements":"0.73526","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00773","scoring_system":"epss","scoring_elements":"0.73534","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00773","scoring_system":"epss","scoring_elements":"0.73557","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00773","scoring_system":"epss","scoring_elements":"0.73528","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00773","scoring_system":"epss","scoring_elements":"0.73565","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0084","scoring_system":"epss","scoring_elements":"0.74832","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0084","scoring_system":"epss","scoring_elements":"0.74775","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0084","scoring_system":"epss","scoring_elements":"0.74782","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0084","scoring_system":"epss","scoring_elements":"0.74784","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0084","scoring_system":"epss","scoring_elements":"0.74787","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0084","scoring_system":"epss","scoring_elements":"0.74819","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0084","scoring_system":"epss","scoring_elements":"0.74844","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0084","scoring_system":"epss","scoring_elements":"0.74812","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76101","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76077","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76075","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76115","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76119","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00928","scoring_system":"epss","scoring_elements":"0.76103","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0169"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf","reference_id":"","reference_type":"","scores":[],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169"},{"reference_url":"http://secunia.com/advisories/53623","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/53623"},{"reference_url":"http://secunia.com/advisories/55108","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/55108"},{"reference_url":"http://secunia.com/advisories/55139","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/55139"},{"reference_url":"http://secunia.com/advisories/55322","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/55322"},{"reference_url":"http://secunia.com/advisories/55350","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/55350"},{"reference_url":"http://secunia.com/advisories/55351","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/55351"},{"reference_url":"http://security.gentoo.org/glsa/glsa-201406-32.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-201406-32.xml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"},{"reference_url":"https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released","reference_id":"","reference_type":"","scores":[],"url":"https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"},{"reference_url":"https://puppet.com/security/cve/cve-2013-0169","reference_id":"","reference_type":"","scores":[],"url":"https://puppet.com/security/cve/cve-2013-0169"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001","reference_id":"","reference_type":"","scores":[],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001"},{"reference_url":"http://support.apple.com/kb/HT5880","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT5880"},{"reference_url":"https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084","reference_id":"","reference_type":"","scores":[],"url":"https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21644047","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21644047"},{"reference_url":"http://www.debian.org/security/2013/dsa-2621","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2621"},{"reference_url":"http://www.debian.org/security/2013/dsa-2622","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2622"},{"reference_url":"http://www.isg.rhul.ac.uk/tls/TLStiming.pdf","reference_id":"","reference_type":"","scores":[],"url":"http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"},{"reference_url":"http://www.kb.cert.org/vuls/id/737740","reference_id":"","reference_type":"","scores":[],"url":"http://www.kb.cert.org/vuls/id/737740"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:095","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"},{"reference_url":"http://www.matrixssl.org/news.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.matrixssl.org/news.html"},{"reference_url":"http://www.openssl.org/news/secadv_20130204.txt","reference_id":"","reference_type":"","scores":[],"url":"http://www.openssl.org/news/secadv_20130204.txt"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"},{"reference_url":"http://www.securityfocus.com/bid/57778","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/57778"},{"reference_url":"http://www.securitytracker.com/id/1029190","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1029190"},{"reference_url":"http://www.splunk.com/view/SP-CAAAHXG","reference_id":"","reference_type":"","scores":[],"url":"http://www.splunk.com/view/SP-CAAAHXG"},{"reference_url":"http://www.ubuntu.com/usn/USN-1735-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-1735-1"},{"reference_url":"http://www.us-cert.gov/cas/techalerts/TA13-051A.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.us-cert.gov/cas/techalerts/TA13-051A.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699885","reference_id":"699885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699888","reference_id":"699888","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699888"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699889","reference_id":"699889","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699889"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=907589","reference_id":"907589","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=907589"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update10:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update10:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update10:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update11:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update11:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update11:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update12:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update12:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update12:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update13:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update13:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update13:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update14:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update14:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update14:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update15:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update15:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update15:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update16:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update16:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update16:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update17:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update17:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update17:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update18:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update18:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update18:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update19:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update19:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update19:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update20:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update20:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update20:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update21:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update21:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update21:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update22:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update22:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update22:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update23:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update23:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update23:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update24:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update24:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update24:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update25:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update25:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update25:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update26:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update26:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update26:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update27:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update27:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update27:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update29:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update29:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update29:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update30:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update30:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update30:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update31:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update31:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update31:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update32:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update32:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update32:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update33:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update33:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update33:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update34:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update34:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update34:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update35:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update35:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update35:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update37:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update37:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update37:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update38:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update38:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update38:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.6.0:update7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.6.0:update7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.7.0:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.7.0:update1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update10:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.7.0:update10:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update10:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update11:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.7.0:update11:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update11:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update13:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.7.0:update13:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update13:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.7.0:update2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.7.0:update3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.7.0:update4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.7.0:update5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update6:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.7.0:update6:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update6:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update7:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.7.0:update7:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update7:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update9:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:openjdk:1.7.0:update9:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:openjdk:1.7.0:update9:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:0.10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.10.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:0.10.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.10.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.11.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:0.11.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.11.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.11.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:0.11.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.11.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.12.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:0.12.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.12.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.12.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:0.12.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.12.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.13.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:0.13.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.13.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.14.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:0.14.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.14.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.14.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:0.14.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.14.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.14.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:0.14.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.14.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.99:pre1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:0.99:pre1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.99:pre1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.99:pre3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:0.99:pre3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.99:pre3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.99:pre4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:0.99:pre4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.99:pre4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.99:pre5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:0.99:pre5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:0.99:pre5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0169","reference_id":"CVE-2013-0169","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0169"},{"reference_url":"https://security.gentoo.org/glsa/201310-10","reference_id":"GLSA-201310-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201310-10"},{"reference_url":"https://security.gentoo.org/glsa/201312-03","reference_id":"GLSA-201312-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201312-03"},{"reference_url":"https://security.gentoo.org/glsa/201401-30","reference_id":"GLSA-201401-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201401-30"},{"reference_url":"https://security.gentoo.org/glsa/201406-32","reference_id":"GLSA-201406-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0273","reference_id":"RHSA-2013:0273","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0273"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0274","reference_id":"RHSA-2013:0274","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0274"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0275","reference_id":"RHSA-2013:0275","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0275"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0531","reference_id":"RHSA-2013:0531","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0531"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0532","reference_id":"RHSA-2013:0532","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0532"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0587","reference_id":"RHSA-2013:0587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0636","reference_id":"RHSA-2013:0636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0782","reference_id":"RHSA-2013:0782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0783","reference_id":"RHSA-2013:0783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0822","reference_id":"RHSA-2013:0822","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0822"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0823","reference_id":"RHSA-2013:0823","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0823"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0833","reference_id":"RHSA-2013:0833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0833"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0855","reference_id":"RHSA-2013:0855","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1013","reference_id":"RHSA-2013:1013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1455","reference_id":"RHSA-2013:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1455"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1456","reference_id":"RHSA-2013:1456","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1456"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0416","reference_id":"RHSA-2014:0416","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0416"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4298","reference_id":"RHSA-2020:4298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4298"},{"reference_url":"https://usn.ubuntu.com/1732-1/","reference_id":"USN-1732-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1732-1/"},{"reference_url":"https://usn.ubuntu.com/1732-3/","reference_id":"USN-1732-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1732-3/"},{"reference_url":"https://usn.ubuntu.com/1735-1/","reference_id":"USN-1735-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1735-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586607?format=json","purl":"pkg:deb/debian/bouncycastle@1.48%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.48%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2013-0169"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b1m6-r1bv-d7gr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4688?format=json","vulnerability_id":"VCID-crf9-zn1q-vya8","summary":"Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1832","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1832"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2808","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2809","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2809"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2810","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2810"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2811","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2811"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2927","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6644.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-6644.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6644","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39981","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39661","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39721","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39637","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40129","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40155","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40076","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40142","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40152","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40114","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40095","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40144","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40115","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40037","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39866","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.3985","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39769","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.3964","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39704","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-6644"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6644","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6644"},{"reference_url":"https://github.com/bcgit/bc-java/commit/25aca54734b861ef109ac4943c4a5f98c0c1b885","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bcgit/bc-java/commit/25aca54734b861ef109ac4943c4a5f98c0c1b885"},{"reference_url":"https://github.com/bcgit/bc-java/commit/2d80e6cc6f5b78e159dba3277414e3bfea511dea","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bcgit/bc-java/commit/2d80e6cc6f5b78e159dba3277414e3bfea511dea"},{"reference_url":"https://github.com/bcgit/bc-java/commit/874bab94a5baf426545948116cabe6f4ae338c20","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bcgit/bc-java/commit/874bab94a5baf426545948116cabe6f4ae338c20"},{"reference_url":"https://github.com/bcgit/bc-java/commit/9bc10bbaa9620d691c58e2b37f31f0d31ceea61f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bcgit/bc-java/commit/9bc10bbaa9620d691c58e2b37f31f0d31ceea61f"},{"reference_url":"http://source.android.com/security/bulletin/2016-01-01.html","reference_id":"","reference_type":"","scores":[],"url":"http://source.android.com/security/bulletin/2016-01-01.html"},{"reference_url":"http://www.debian.org/security/2017/dsa-3829","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3829"},{"reference_url":"http://www.securityfocus.com/bid/79865","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/79865"},{"reference_url":"http://www.securitytracker.com/id/1034592","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034592"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1444015","reference_id":"1444015","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1444015"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-6644","reference_id":"CVE-2015-6644","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-6644"},{"reference_url":"https://usn.ubuntu.com/3727-1/","reference_id":"USN-3727-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3727-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586352?format=json","purl":"pkg:deb/debian/bouncycastle@1.54-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.54-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2015-6644"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-crf9-zn1q-vya8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4694?format=json","vulnerability_id":"VCID-ddqw-aj7g-s7c2","summary":"In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2669","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2927","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000341.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000341.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000341","reference_id":"","reference_type":"","scores":[{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.742","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74042","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74048","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74074","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74045","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74078","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74093","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74114","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74096","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.7409","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74129","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74137","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74128","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74164","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74172","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74171","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74165","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74193","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74215","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74177","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000341"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000341","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000341"},{"reference_url":"https://github.com/bcgit/bc-java","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java"},{"reference_url":"https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa"},{"reference_url":"https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa#diff-e75226a9ca49217a7276b29242ec59ce","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/acaac81f96fec91ab45bd0412beaf9c3acd8defa#diff-e75226a9ca49217a7276b29242ec59ce"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181127-0004","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20181127-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181127-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20181127-0004/"},{"reference_url":"https://usn.ubuntu.com/3727-1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3727-1"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588708","reference_id":"1588708","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588708"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000341","reference_id":"CVE-2016-1000341","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000341"},{"reference_url":"https://github.com/advisories/GHSA-r9ch-m4fh-fc7q","reference_id":"GHSA-r9ch-m4fh-fc7q","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r9ch-m4fh-fc7q"},{"reference_url":"https://usn.ubuntu.com/3727-1/","reference_id":"USN-3727-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3727-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583390?format=json","purl":"pkg:deb/debian/bouncycastle@1.56-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2016-1000341","GHSA-r9ch-m4fh-fc7q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ddqw-aj7g-s7c2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40939?format=json","vulnerability_id":"VCID-e1yx-dxa6-1bba","summary":"Multiple vulnerabilities have been found in the Oracle JRE/JDK,\n    allowing attackers to cause unspecified impact.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3389.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3389","reference_id":"","reference_type":"","scores":[{"value":"0.03832","scoring_system":"epss","scoring_elements":"0.88245","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03832","scoring_system":"epss","scoring_elements":"0.88174","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03832","scoring_system":"epss","scoring_elements":"0.88172","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03832","scoring_system":"epss","scoring_elements":"0.88221","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03832","scoring_system":"epss","scoring_elements":"0.88234","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03832","scoring_system":"epss","scoring_elements":"0.88231","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03832","scoring_system":"epss","scoring_elements":"0.88099","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03832","scoring_system":"epss","scoring_elements":"0.88108","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03832","scoring_system":"epss","scoring_elements":"0.88124","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03832","scoring_system":"epss","scoring_elements":"0.88131","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03832","scoring_system":"epss","scoring_elements":"0.8815","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03832","scoring_system":"epss","scoring_elements":"0.88156","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03832","scoring_system":"epss","scoring_elements":"0.88165","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03832","scoring_system":"epss","scoring_elements":"0.88159","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03832","scoring_system":"epss","scoring_elements":"0.8816","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03933","scoring_system":"epss","scoring_elements":"0.88364","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03933","scoring_system":"epss","scoring_elements":"0.88375","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03933","scoring_system":"epss","scoring_elements":"0.88358","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03933","scoring_system":"epss","scoring_elements":"0.88362","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3389"},{"reference_url":"https://curl.se/docs/CVE-2011-3389.html","reference_id":"","reference_type":"","scores":[{"value":"High","scoring_system":"cvssv3.1","scoring_elements":""}],"url":"https://curl.se/docs/CVE-2011-3389.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=737506","reference_id":"737506","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=737506"},{"reference_url":"https://security.gentoo.org/glsa/201111-02","reference_id":"GLSA-201111-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201111-02"},{"reference_url":"https://security.gentoo.org/glsa/201203-02","reference_id":"GLSA-201203-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-02"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://security.gentoo.org/glsa/201406-32","reference_id":"GLSA-201406-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-32"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1380","reference_id":"RHSA-2011:1380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:1384","reference_id":"RHSA-2011:1384","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:1384"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0006","reference_id":"RHSA-2012:0006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0034","reference_id":"RHSA-2012:0034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0343","reference_id":"RHSA-2012:0343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0508","reference_id":"RHSA-2012:0508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1455","reference_id":"RHSA-2013:1455","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1455"},{"reference_url":"https://usn.ubuntu.com/1263-1/","reference_id":"USN-1263-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1263-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586443?format=json","purl":"pkg:deb/debian/bouncycastle@1.49%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.49%252Bdfsg-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2011-3389"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e1yx-dxa6-1bba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5112?format=json","vulnerability_id":"VCID-f4qa-9fn6-97az","summary":"In the Bouncy Castle JCE Provider version 1.55 and earlier ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2669","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2927","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000342.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000342.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000342","reference_id":"","reference_type":"","scores":[{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64718","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64565","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64593","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64551","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.646","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64616","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64634","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64621","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64628","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64639","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64625","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64645","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64657","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64654","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64632","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64681","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64724","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64696","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64511","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000342"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000342","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000342"},{"reference_url":"https://github.com/bcgit/bc-java","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java"},{"reference_url":"https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647"},{"reference_url":"https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647#diff-25c3c78db788365f36839b3f2d3016b9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647#diff-25c3c78db788365f36839b3f2d3016b9"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181127-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20181127-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181127-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20181127-0004/"},{"reference_url":"https://usn.ubuntu.com/3727-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3727-1"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588715","reference_id":"1588715","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588715"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000342","reference_id":"CVE-2016-1000342","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000342"},{"reference_url":"https://github.com/advisories/GHSA-qcj7-g2j5-g7r3","reference_id":"GHSA-qcj7-g2j5-g7r3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qcj7-g2j5-g7r3"},{"reference_url":"https://usn.ubuntu.com/3727-1/","reference_id":"USN-3727-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3727-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583390?format=json","purl":"pkg:deb/debian/bouncycastle@1.56-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2016-1000342","GHSA-qcj7-g2j5-g7r3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f4qa-9fn6-97az"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4838?format=json","vulnerability_id":"VCID-f73y-mjrg-yfc9","summary":"In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2669","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2927","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000344.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000344.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000344","reference_id":"","reference_type":"","scores":[{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59914","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59968","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59947","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59932","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59913","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59953","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.5996","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59945","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59941","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59983","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59879","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59919","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.5979","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59931","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59867","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59892","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59862","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59912","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59926","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000344"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000344","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000344"},{"reference_url":"https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181127-0004","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20181127-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181127-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20181127-0004/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588314","reference_id":"1588314","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588314"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000344","reference_id":"CVE-2016-1000344","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000344"},{"reference_url":"https://github.com/advisories/GHSA-2j2x-hx4g-2gf4","reference_id":"GHSA-2j2x-hx4g-2gf4","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2j2x-hx4g-2gf4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583390?format=json","purl":"pkg:deb/debian/bouncycastle@1.56-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2016-1000344","GHSA-2j2x-hx4g-2gf4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f73y-mjrg-yfc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5024?format=json","vulnerability_id":"VCID-jr7u-m7gc-pydy","summary":"In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak information on the AES key being used. There was also a leak in AESEngine although it was substantially less. AESEngine has been modified to remove any signs of leakage (testing carried out on Intel X86-64) and is now the primary AES class for the BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where otherwise deemed appropriate.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2669","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2927","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000339.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000339.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000339","reference_id":"","reference_type":"","scores":[{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78383","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78178","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78187","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78217","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.782","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78226","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78232","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78258","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78241","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78236","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78268","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78266","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78263","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78296","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78301","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78317","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.7833","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78356","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78372","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01119","scoring_system":"epss","scoring_elements":"0.78366","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000339"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000339","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000339"},{"reference_url":"https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b"},{"reference_url":"https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0"},{"reference_url":"https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181127-0004","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20181127-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181127-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20181127-0004/"},{"reference_url":"https://usn.ubuntu.com/3727-1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3727-1"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588695","reference_id":"1588695","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588695"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000339","reference_id":"CVE-2016-1000339","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000339"},{"reference_url":"https://github.com/advisories/GHSA-c8xf-m4ff-jcxj","reference_id":"GHSA-c8xf-m4ff-jcxj","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c8xf-m4ff-jcxj"},{"reference_url":"https://usn.ubuntu.com/3727-1/","reference_id":"USN-3727-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3727-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583390?format=json","purl":"pkg:deb/debian/bouncycastle@1.56-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2016-1000339","GHSA-c8xf-m4ff-jcxj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jr7u-m7gc-pydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4540?format=json","vulnerability_id":"VCID-jua2-2byr-t3cv","summary":"In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2669","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2927","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000338.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000338.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000338","reference_id":"","reference_type":"","scores":[{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58857","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58911","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58895","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58912","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58793","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58947","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58919","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58963","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58905","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58859","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.5889","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58868","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58931","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58897","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58934","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.58916","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.5891","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000338"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000338","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000338"},{"reference_url":"https://github.com/bcgit/bc-java","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java"},{"reference_url":"https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bcgit/bc-java/commit/843c2e60f67d71faf81d236f448ebbe56c62c647"},{"reference_url":"https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/b0c3ce99d43d73a096268831d0d120ffc89eac7f#diff-3679f5a9d2b939d0d3ee1601a7774fb0"},{"reference_url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231006-0011","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20231006-0011"},{"reference_url":"https://security.netapp.com/advisory/ntap-20231006-0011/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20231006-0011/"},{"reference_url":"https://usn.ubuntu.com/3727-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3727-1"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588313","reference_id":"1588313","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588313"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:7-mode_transition_tool:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.4:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:satellite:6.4:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite:6.4:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000338","reference_id":"CVE-2016-1000338","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000338"},{"reference_url":"https://github.com/advisories/GHSA-4vhj-98r6-424h","reference_id":"GHSA-4vhj-98r6-424h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4vhj-98r6-424h"},{"reference_url":"https://usn.ubuntu.com/3727-1/","reference_id":"USN-3727-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3727-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583390?format=json","purl":"pkg:deb/debian/bouncycastle@1.56-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2016-1000338","GHSA-4vhj-98r6-424h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jua2-2byr-t3cv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4693?format=json","vulnerability_id":"VCID-ka8b-44hx-mkc5","summary":"In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2669","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2927","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000352.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000352.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000352","reference_id":"","reference_type":"","scores":[{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.5996","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59968","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59941","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59983","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59912","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59926","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59947","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59932","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59913","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59953","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59945","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59879","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59919","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.5979","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59931","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59914","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59867","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59892","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00388","scoring_system":"epss","scoring_elements":"0.59862","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000352"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000352","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000352"},{"reference_url":"https://github.com/bcgit/bc-java","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java"},{"reference_url":"https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/9385b0ebd277724b167fe1d1456e3c112112be1f"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181127-0004","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20181127-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181127-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20181127-0004/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588330","reference_id":"1588330","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588330"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000352","reference_id":"CVE-2016-1000352","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000352"},{"reference_url":"https://github.com/advisories/GHSA-w285-wf9q-5w69","reference_id":"GHSA-w285-wf9q-5w69","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w285-wf9q-5w69"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583390?format=json","purl":"pkg:deb/debian/bouncycastle@1.56-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2016-1000352","GHSA-w285-wf9q-5w69"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ka8b-44hx-mkc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34900?format=json","vulnerability_id":"VCID-nau9-4auz-pqbs","summary":"Observable Differences in Behavior to Error Inputs in Bouncy Castle\nIn Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26939","reference_id":"","reference_type":"","scores":[{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.85287","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.85151","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.85159","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.85173","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.85171","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.85168","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.85188","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.8519","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.85189","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.85212","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.85221","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.85219","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.85233","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.85259","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.85278","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.85273","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.85096","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.85109","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.85126","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02437","scoring_system":"epss","scoring_elements":"0.8513","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26939"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26939","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26939"},{"reference_url":"https://github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1"},{"reference_url":"https://github.com/bcgit/bc-java/wiki/CVE-2020-26939","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/wiki/CVE-2020-26939"},{"reference_url":"https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e%40%3Cissues.solr.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00007.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00007.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26939","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26939"},{"reference_url":"https://security.netapp.com/advisory/ntap-20201202-0005","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20201202-0005"},{"reference_url":"https://github.com/advisories/GHSA-72m5-fvvv-55m6","reference_id":"GHSA-72m5-fvvv-55m6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-72m5-fvvv-55m6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586584?format=json","purl":"pkg:deb/debian/bouncycastle@1.61-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.61-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2020-26939","GHSA-72m5-fvvv-55m6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nau9-4auz-pqbs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50505?format=json","vulnerability_id":"VCID-ndmg-87rn-a3cn","summary":"Out-of-Memory Error in Bouncy Castle Crypto\nThe ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17359","reference_id":"","reference_type":"","scores":[{"value":"0.07634","scoring_system":"epss","scoring_elements":"0.91837","published_at":"2026-04-01T12:55:00Z"},{"value":"0.07634","scoring_system":"epss","scoring_elements":"0.91931","published_at":"2026-05-12T12:55:00Z"},{"value":"0.07634","scoring_system":"epss","scoring_elements":"0.91923","published_at":"2026-05-11T12:55:00Z"},{"value":"0.07634","scoring_system":"epss","scoring_elements":"0.91924","published_at":"2026-05-09T12:55:00Z"},{"value":"0.07634","scoring_system":"epss","scoring_elements":"0.91914","published_at":"2026-05-07T12:55:00Z"},{"value":"0.07634","scoring_system":"epss","scoring_elements":"0.91902","published_at":"2026-05-05T12:55:00Z"},{"value":"0.07634","scoring_system":"epss","scoring_elements":"0.91889","published_at":"2026-04-29T12:55:00Z"},{"value":"0.07634","scoring_system":"epss","scoring_elements":"0.91893","published_at":"2026-04-26T12:55:00Z"},{"value":"0.07634","scoring_system":"epss","scoring_elements":"0.91895","published_at":"2026-04-24T12:55:00Z"},{"value":"0.07634","scoring_system":"epss","scoring_elements":"0.9189","published_at":"2026-04-21T12:55:00Z"},{"value":"0.07634","scoring_system":"epss","scoring_elements":"0.91892","published_at":"2026-04-18T12:55:00Z"},{"value":"0.07634","scoring_system":"epss","scoring_elements":"0.91896","published_at":"2026-04-16T12:55:00Z"},{"value":"0.07634","scoring_system":"epss","scoring_elements":"0.91881","published_at":"2026-04-12T12:55:00Z"},{"value":"0.07634","scoring_system":"epss","scoring_elements":"0.91877","published_at":"2026-04-13T12:55:00Z"},{"value":"0.07634","scoring_system":"epss","scoring_elements":"0.91872","published_at":"2026-04-08T12:55:00Z"},{"value":"0.07634","scoring_system":"epss","scoring_elements":"0.91859","published_at":"2026-04-07T12:55:00Z"},{"value":"0.07634","scoring_system":"epss","scoring_elements":"0.91851","published_at":"2026-04-04T12:55:00Z"},{"value":"0.07634","scoring_system":"epss","scoring_elements":"0.91845","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17359"},{"reference_url":"https://lists.apache.org/thread.html/r02f887807a49cfd1f1ad53f7a61f3f8e12f60ba2c930bec163031209@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r02f887807a49cfd1f1ad53f7a61f3f8e12f60ba2c930bec163031209@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r02f887807a49cfd1f1ad53f7a61f3f8e12f60ba2c930bec163031209%40%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r02f887807a49cfd1f1ad53f7a61f3f8e12f60ba2c930bec163031209%40%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r16c3a90cb35ae8a9c74fd5c813c16d6ac255709c9f9d71cd409e007d@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r16c3a90cb35ae8a9c74fd5c813c16d6ac255709c9f9d71cd409e007d@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r16c3a90cb35ae8a9c74fd5c813c16d6ac255709c9f9d71cd409e007d%40%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r16c3a90cb35ae8a9c74fd5c813c16d6ac255709c9f9d71cd409e007d%40%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r467ade3fef3493f1fff1a68a256d087874e1f858ad1de7a49fe05d27@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r467ade3fef3493f1fff1a68a256d087874e1f858ad1de7a49fe05d27@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r467ade3fef3493f1fff1a68a256d087874e1f858ad1de7a49fe05d27%40%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r467ade3fef3493f1fff1a68a256d087874e1f858ad1de7a49fe05d27%40%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4d475dcaf4f57115fa57d8e06c3823ca398b35468429e7946ebaefdc@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4d475dcaf4f57115fa57d8e06c3823ca398b35468429e7946ebaefdc@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4d475dcaf4f57115fa57d8e06c3823ca398b35468429e7946ebaefdc%40%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r4d475dcaf4f57115fa57d8e06c3823ca398b35468429e7946ebaefdc%40%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r79b6a6aa0dd1aeb57bd253d94794bc96f1ec005953c4bd5414cc0db0@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r79b6a6aa0dd1aeb57bd253d94794bc96f1ec005953c4bd5414cc0db0@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r79b6a6aa0dd1aeb57bd253d94794bc96f1ec005953c4bd5414cc0db0%40%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r79b6a6aa0dd1aeb57bd253d94794bc96f1ec005953c4bd5414cc0db0%40%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8ecb5b76347f84b6e3c693f980dbbead88c25f77b815053c4e6f2c30@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r8ecb5b76347f84b6e3c693f980dbbead88c25f77b815053c4e6f2c30@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r8ecb5b76347f84b6e3c693f980dbbead88c25f77b815053c4e6f2c30%40%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r8ecb5b76347f84b6e3c693f980dbbead88c25f77b815053c4e6f2c30%40%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r91b07985b1307390a58c5b9707f0b28ef8e9c9e1c86670459f20d601@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r91b07985b1307390a58c5b9707f0b28ef8e9c9e1c86670459f20d601@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r91b07985b1307390a58c5b9707f0b28ef8e9c9e1c86670459f20d601%40%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r91b07985b1307390a58c5b9707f0b28ef8e9c9e1c86670459f20d601%40%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re60f980c092ada4bfe236dcfef8b6ca3e8f3b150fc0f51b8cc13d59d@%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re60f980c092ada4bfe236dcfef8b6ca3e8f3b150fc0f51b8cc13d59d@%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re60f980c092ada4bfe236dcfef8b6ca3e8f3b150fc0f51b8cc13d59d%40%3Ccommits.tomee.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re60f980c092ada4bfe236dcfef8b6ca3e8f3b150fc0f51b8cc13d59d%40%3Ccommits.tomee.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17359","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17359"},{"reference_url":"https://security.netapp.com/advisory/ntap-20191024-0006","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20191024-0006"},{"reference_url":"https://security.netapp.com/advisory/ntap-20191024-0006/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20191024-0006/"},{"reference_url":"https://www.bouncycastle.org/latest_releases.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.bouncycastle.org/latest_releases.html"},{"reference_url":"https://www.bouncycastle.org/releasenotes.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.bouncycastle.org/releasenotes.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujan2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujan2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpujul2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomee:7.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomee:7.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomee:7.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomee:7.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomee:7.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomee:7.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomee:8.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:tomee:8.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomee:8.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.63:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:1.63:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:1.63:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*","reference_id":"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*","reference_id":"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*","reference_id":"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_convergence:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_convergence:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_convergence:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_switzerland:9.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_switzerland:9.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_switzerland:9.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-2mh8-gx2m-mr75","reference_id":"GHSA-2mh8-gx2m-mr75","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2mh8-gx2m-mr75"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583890?format=json","purl":"pkg:deb/debian/bouncycastle@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2019-17359","GHSA-2mh8-gx2m-mr75"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ndmg-87rn-a3cn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4607?format=json","vulnerability_id":"VCID-pybm-wf4t-pbdg","summary":"Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2423","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2423"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2424","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2424"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2425","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2425"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2428","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2428"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2643","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2669","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0877","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:0877"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000180.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000180.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000180","reference_id":"","reference_type":"","scores":[{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48928","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00256","scoring_system":"epss","scoring_elements":"0.48964","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51039","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51082","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51096","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51092","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51136","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51115","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51098","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51137","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51143","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.5112","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51068","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00277","scoring_system":"epss","scoring_elements":"0.51076","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54185","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54159","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54155","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54103","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54145","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.542","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000180"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000180","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000180"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad"},{"reference_url":"https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839"},{"reference_url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190204-0003","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190204-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190204-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190204-0003/"},{"reference_url":"https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-of-iterations-for-mr-primality-test"},{"reference_url":"https://www.debian.org/security/2018/dsa-4233","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2018/dsa-4233"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"http://www.securityfocus.com/bid/106567","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/106567"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588306","reference_id":"1588306","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588306"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900843","reference_id":"900843","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900843"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:fips_java_api:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:fips_java_api:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:fips_java_api:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:virtualization:4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:virtualization:4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:virtualization:4.2:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/bcgit/bc-java/wiki/CVE-2018-1000180","reference_id":"CVE-2018-1000180","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/wiki/CVE-2018-1000180"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000180","reference_id":"CVE-2018-1000180","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000180"},{"reference_url":"https://github.com/advisories/GHSA-xqj7-j8j5-f2xr","reference_id":"GHSA-xqj7-j8j5-f2xr","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xqj7-j8j5-f2xr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586293?format=json","purl":"pkg:deb/debian/bouncycastle@1.59-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.59-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2018-1000180","GHSA-xqj7-j8j5-f2xr"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pybm-wf4t-pbdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4836?format=json","vulnerability_id":"VCID-qr8s-5r61-skhw","summary":"In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2669","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2927","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000345.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000345.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000345","reference_id":"","reference_type":"","scores":[{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74129","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.742","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74177","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74215","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74193","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74045","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74078","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74093","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74114","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74096","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.7409","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74137","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74165","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74171","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74172","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74042","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74164","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74128","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74048","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00802","scoring_system":"epss","scoring_elements":"0.74074","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000345"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000345","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000345"},{"reference_url":"https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35"},{"reference_url":"https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35#diff-4439ce586bf9a13bfec05c0d113b8098","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35#diff-4439ce586bf9a13bfec05c0d113b8098"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181127-0004","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20181127-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181127-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20181127-0004/"},{"reference_url":"https://usn.ubuntu.com/3727-1","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3727-1"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588323","reference_id":"1588323","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588323"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000345","reference_id":"CVE-2016-1000345","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000345"},{"reference_url":"https://github.com/advisories/GHSA-9gp4-qrff-c648","reference_id":"GHSA-9gp4-qrff-c648","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9gp4-qrff-c648"},{"reference_url":"https://usn.ubuntu.com/3727-1/","reference_id":"USN-3727-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3727-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583390?format=json","purl":"pkg:deb/debian/bouncycastle@1.56-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2016-1000345","GHSA-9gp4-qrff-c648"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qr8s-5r61-skhw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4594?format=json","vulnerability_id":"VCID-tnen-a68v-9bfk","summary":"In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2669","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2927","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000343.json","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000343.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000343","reference_id":"","reference_type":"","scores":[{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77866","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77854","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.7784","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77832","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77799","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77805","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77806","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77769","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.7777","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77786","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.7776","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77755","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77744","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77923","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77904","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77915","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77897","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77717","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.77727","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01074","scoring_system":"epss","scoring_elements":"0.7771","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000343"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000343","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000343"},{"reference_url":"https://github.com/bcgit/bc-java","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java"},{"reference_url":"https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389"},{"reference_url":"https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389#diff-5578e61500abb2b87b300d3114bdfd7d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/50a53068c094d6cff37659da33c9b4505becd389#diff-5578e61500abb2b87b300d3114bdfd7d"},{"reference_url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181127-0004","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20181127-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181127-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20181127-0004/"},{"reference_url":"https://usn.ubuntu.com/3727-1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3727-1"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588721","reference_id":"1588721","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588721"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000343","reference_id":"CVE-2016-1000343","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000343"},{"reference_url":"https://github.com/advisories/GHSA-rrvx-pwf8-p59p","reference_id":"GHSA-rrvx-pwf8-p59p","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rrvx-pwf8-p59p"},{"reference_url":"https://usn.ubuntu.com/3727-1/","reference_id":"USN-3727-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3727-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583390?format=json","purl":"pkg:deb/debian/bouncycastle@1.56-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2016-1000343","GHSA-rrvx-pwf8-p59p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tnen-a68v-9bfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4950?format=json","vulnerability_id":"VCID-w543-qxxs-f7g7","summary":"The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons a specific keystore type \"BKS-V1\" was introduced in 1.49. It should be noted that the use of \"BKS-V1\" is discouraged by the library authors and should only be used where it is otherwise safe to do so, as in where the use of a 16 bit checksum for the file integrity check is not going to cause a security issue in itself.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2927","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5382.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5382.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5382","reference_id":"","reference_type":"","scores":[{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35493","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3596","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35985","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35934","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35706","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35674","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35586","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35471","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35542","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35562","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3547","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35889","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.3608","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36109","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35945","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35995","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36017","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.36024","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00153","scoring_system":"epss","scoring_elements":"0.35986","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5382"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5382","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5382"},{"reference_url":"https://github.com/bcgit/bc-java/commit/81b00861cd5711e85fe8dce2a0e119f684120255","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bcgit/bc-java/commit/81b00861cd5711e85fe8dce2a0e119f684120255"},{"reference_url":"https://www.bouncycastle.org/releasenotes.html","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.bouncycastle.org/releasenotes.html"},{"reference_url":"https://www.kb.cert.org/vuls/id/306792","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.kb.cert.org/vuls/id/306792"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"http://www.securityfocus.com/bid/103453","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/103453"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1563749","reference_id":"1563749","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1563749"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5382","reference_id":"CVE-2018-5382","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5382"},{"reference_url":"https://github.com/advisories/GHSA-8477-3v39-ggpm","reference_id":"GHSA-8477-3v39-ggpm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8477-3v39-ggpm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586607?format=json","purl":"pkg:deb/debian/bouncycastle@1.48%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.48%252Bdfsg-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2018-5382","GHSA-8477-3v39-ggpm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w543-qxxs-f7g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4778?format=json","vulnerability_id":"VCID-waqt-x8vm-qyez","summary":"The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an \"invalid curve attack.\"","references":[{"reference_url":"http://git.bouncycastle.org/repositories/bc-java/commit/5cb2f0578e6ec8f0d67e59d05d8c4704d8e05f83","reference_id":"","reference_type":"","scores":[],"url":"http://git.bouncycastle.org/repositories/bc-java/commit/5cb2f0578e6ec8f0d67e59d05d8c4704d8e05f83"},{"reference_url":"http://git.bouncycastle.org/repositories/bc-java/commit/e25e94a046a6934819133886439984e2fecb2b04","reference_id":"","reference_type":"","scores":[],"url":"http://git.bouncycastle.org/repositories/bc-java/commit/e25e94a046a6934819133886439984e2fecb2b04"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2035.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2035.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2036.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2016-2036.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7940.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7940.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7940","reference_id":"","reference_type":"","scores":[{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.7676","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76583","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76586","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76615","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76596","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76628","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76639","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76666","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76645","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76636","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76678","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76682","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.7667","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76701","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76708","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.7672","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76707","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76738","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76756","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76744","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7940"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7940","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7940"},{"reference_url":"https://usn.ubuntu.com/3727-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3727-1"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html"},{"reference_url":"http://www.debian.org/security/2015/dsa-3417","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3417"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/10/22/7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/10/22/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/10/22/9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2015/10/22/9"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.securityfocus.com/bid/79091","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/79091"},{"reference_url":"http://www.securitytracker.com/id/1037036","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1037036"},{"reference_url":"http://www.securitytracker.com/id/1037046","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1037046"},{"reference_url":"http://www.securitytracker.com/id/1037053","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securitytracker.com/id/1037053"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1276272","reference_id":"1276272","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1276272"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802671","reference_id":"802671","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802671"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:12.5.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:application_testing_suite:12.5.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:12.5.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:12.5.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:application_testing_suite:12.5.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:12.5.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:virtual_desktop_infrastructure:3.5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:virtual_desktop_infrastructure:3.5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:virtual_desktop_infrastructure:3.5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7940","reference_id":"CVE-2015-7940","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7940"},{"reference_url":"https://github.com/advisories/GHSA-4mv7-cq75-3qjm","reference_id":"GHSA-4mv7-cq75-3qjm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4mv7-cq75-3qjm"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2035","reference_id":"RHSA-2016:2035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2036","reference_id":"RHSA-2016:2036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2036"},{"reference_url":"https://usn.ubuntu.com/3727-1/","reference_id":"USN-3727-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3727-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586368?format=json","purl":"pkg:deb/debian/bouncycastle@1.51-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.51-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2015-7940","GHSA-4mv7-cq75-3qjm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-waqt-x8vm-qyez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40098?format=json","vulnerability_id":"VCID-xap5-djda-2uem","summary":"Multiple vulnerabilities have been found in Oracle JRE/JDK,\n    allowing both local and remote attackers to compromise various Java\n    components.","references":[{"reference_url":"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc"},{"reference_url":"http://advisories.mageia.org/MGASA-2014-0416.html","reference_id":"","reference_type":"","scores":[],"url":"http://advisories.mageia.org/MGASA-2014-0416.html"},{"reference_url":"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc","reference_id":"","reference_type":"","scores":[],"url":"http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc"},{"reference_url":"http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html","reference_id":"","reference_type":"","scores":[],"url":"http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html"},{"reference_url":"http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html","reference_id":"","reference_type":"","scores":[],"url":"http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"},{"reference_url":"http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566","reference_id":"","reference_type":"","scores":[],"url":"http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566"},{"reference_url":"http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html","reference_id":"","reference_type":"","scores":[],"url":"http://blog.cryptographyengineering.com/2014/10/attack-of-week-poodle.html"},{"reference_url":"http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/","reference_id":"","reference_type":"","scores":[],"url":"http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/"},{"reference_url":"http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx","reference_id":"","reference_type":"","scores":[],"url":"http://blogs.technet.com/b/msrc/archive/2014/10/14/security-advisory-3009008-released.aspx"},{"reference_url":"http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf","reference_id":"","reference_type":"","scores":[],"url":"http://docs.ipswitch.com/MOVEit/DMZ82/ReleaseNotes/MOVEitReleaseNotes82.pdf"},{"reference_url":"http://downloads.asterisk.org/pub/security/AST-2014-011.html","reference_id":"","reference_type":"","scores":[],"url":"http://downloads.asterisk.org/pub/security/AST-2014-011.html"},{"reference_url":"http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html","reference_id":"","reference_type":"","scores":[],"url":"http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html"},{"reference_url":"http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581","reference_id":"","reference_type":"","scores":[],"url":"http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581"},{"reference_url":"http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034","reference_id":"","reference_type":"","scores":[],"url":"http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04779034"},{"reference_url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705","reference_id":"","reference_type":"","scores":[],"url":"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"},{"reference_url":"http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-November/142330.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141114.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-October/141158.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169361.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169374.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00008.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00003.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00026.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00027.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00033.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00036.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=141450452204552&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141450452204552&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141450973807288&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141450973807288&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141477196830952&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141477196830952&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141576815022399&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141576815022399&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141577087123040&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141577087123040&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141577350823734&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141577350823734&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141620103726640&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141620103726640&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141628688425177&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141628688425177&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141694355519663&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141694355519663&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141697638231025&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141697638231025&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141697676231104&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141697676231104&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141703183219781&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141703183219781&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141715130023061&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141715130023061&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141775427104070&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141775427104070&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141813976718456&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141813976718456&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141814011518700&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141814011518700&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=141879378918327&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=141879378918327&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142103967620673&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142103967620673&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142118135300698&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142118135300698&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142296755107581&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142296755107581&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142350196615714&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142350196615714&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142350298616097&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142350298616097&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142350743917559&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142350743917559&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142354438527235&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142354438527235&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142357976805598&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142357976805598&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142495837901899&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142495837901899&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142496355704097&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142496355704097&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142546741516006&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142546741516006&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142607790919348&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142607790919348&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142624590206005&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142624590206005&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142624619906067","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142624619906067"},{"reference_url":"http://marc.info/?l=bugtraq&m=142624619906067&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142624619906067&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142624679706236&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142624679706236&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142624719706349&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142624719706349&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142660345230545&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142660345230545&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142721830231196&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142721830231196&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142721887231400&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142721887231400&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142740155824959&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142740155824959&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142791032306609&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142791032306609&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142804214608580&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142804214608580&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142805027510172&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142805027510172&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142962817202793&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142962817202793&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=143039249603103&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=143039249603103&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=143101048219218&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=143101048219218&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=143290371927178&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=143290371927178&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=143290437727362&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=143290437727362&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=143290522027658&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=143290522027658&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=143290583027876&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=143290583027876&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=143558137709884&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=143558137709884&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=143558192010071&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=143558192010071&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=143628269912142&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=143628269912142&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=144101915224472&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=144101915224472&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=144251162130364&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=144251162130364&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=144294141001552&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=144294141001552&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=145983526810210&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=145983526810210&w=2"},{"reference_url":"http://marc.info/?l=openssl-dev&m=141333049205629&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=openssl-dev&m=141333049205629&w=2"},{"reference_url":"http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html","reference_id":"","reference_type":"","scores":[],"url":"http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3566.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1652.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1652.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1653.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1653.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1692.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1692.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1876.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1876.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1877.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1877.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1880.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1880.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1881.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1881.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1882.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1882.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1920.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1920.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2014-1948.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2014-1948.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0068.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-0068.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0079.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-0079.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0080.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-0080.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0085.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-0085.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0086.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-0086.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0264.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-0264.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0698.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-0698.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1545.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-1545.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1546.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-1546.html"},{"reference_url":"https://access.redhat.com/articles/1232123","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/articles/1232123"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3566.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3566.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3566","reference_id":"","reference_type":"","scores":[{"value":"0.94015","scoring_system":"epss","scoring_elements":"0.99899","published_at":"2026-05-12T12:55:00Z"},{"value":"0.94015","scoring_system":"epss","scoring_elements":"0.99895","published_at":"2026-04-11T12:55:00Z"},{"value":"0.94015","scoring_system":"epss","scoring_elements":"0.99896","published_at":"2026-04-13T12:55:00Z"},{"value":"0.94015","scoring_system":"epss","scoring_elements":"0.99897","published_at":"2026-04-18T12:55:00Z"},{"value":"0.94015","scoring_system":"epss","scoring_elements":"0.99898","published_at":"2026-05-11T12:55:00Z"},{"value":"0.94015","scoring_system":"epss","scoring_elements":"0.99894","published_at":"2026-04-02T12:55:00Z"},{"value":"0.94054","scoring_system":"epss","scoring_elements":"0.99902","published_at":"2026-04-21T12:55:00Z"},{"value":"0.94071","scoring_system":"epss","scoring_elements":"0.99906","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3566"},{"reference_url":"https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/","reference_id":"","reference_type":"","scores":[],"url":"https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/"},{"reference_url":"https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_openssl6"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa83","reference_id":"","reference_type":"","scores":[],"url":"https://bto.bluecoat.com/security-advisory/sa83"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1076983","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1076983"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1592"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1593"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1594"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6593"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0395"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0407"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0408"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0410"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0412"},{"reference_url":"https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip","reference_id":"","reference_type":"","scores":[],"url":"https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip"},{"reference_url":"http://secunia.com/advisories/59627","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59627"},{"reference_url":"http://secunia.com/advisories/60056","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60056"},{"reference_url":"http://secunia.com/advisories/60206","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60206"},{"reference_url":"http://secunia.com/advisories/60792","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60792"},{"reference_url":"http://secunia.com/advisories/60859","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/60859"},{"reference_url":"http://secunia.com/advisories/61019","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61019"},{"reference_url":"http://secunia.com/advisories/61130","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61130"},{"reference_url":"http://secunia.com/advisories/61303","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61303"},{"reference_url":"http://secunia.com/advisories/61316","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61316"},{"reference_url":"http://secunia.com/advisories/61345","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61345"},{"reference_url":"http://secunia.com/advisories/61359","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61359"},{"reference_url":"http://secunia.com/advisories/61782","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61782"},{"reference_url":"http://secunia.com/advisories/61810","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61810"},{"reference_url":"http://secunia.com/advisories/61819","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61819"},{"reference_url":"http://secunia.com/advisories/61825","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61825"},{"reference_url":"http://secunia.com/advisories/61827","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61827"},{"reference_url":"http://secunia.com/advisories/61926","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61926"},{"reference_url":"http://secunia.com/advisories/61995","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61995"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/mpgn/poodle-PoC","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpgn/poodle-PoC"},{"reference_url":"https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU","reference_id":"","reference_type":"","scores":[],"url":"https://groups.google.com/forum/#%21topic/docker-user/oYm0i3xShJU"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04819635"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05068681"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05301946"},{"reference_url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02","reference_id":"","reference_type":"","scores":[],"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"},{"reference_url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10090","reference_id":"","reference_type":"","scores":[],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10090"},{"reference_url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10091","reference_id":"","reference_type":"","scores":[],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10091"},{"reference_url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10104","reference_id":"","reference_type":"","scores":[],"url":"https://kc.mcafee.com/corporate/index?page=content&id=SB10104"},{"reference_url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://puppet.com/security/cve/poodle-sslv3-vulnerability","reference_id":"","reference_type":"","scores":[],"url":"https://puppet.com/security/cve/poodle-sslv3-vulnerability"},{"reference_url":"https://security.netapp.com/advisory/ntap-20141015-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20141015-0001/"},{"reference_url":"https://support.apple.com/HT205217","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT205217"},{"reference_url":"https://support.apple.com/kb/HT6527","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/kb/HT6527"},{"reference_url":"https://support.apple.com/kb/HT6529","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/kb/HT6529"},{"reference_url":"https://support.apple.com/kb/HT6531","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/kb/HT6531"},{"reference_url":"https://support.apple.com/kb/HT6535","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/kb/HT6535"},{"reference_url":"https://support.apple.com/kb/HT6536","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/kb/HT6536"},{"reference_url":"https://support.apple.com/kb/HT6541","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/kb/HT6541"},{"reference_url":"https://support.apple.com/kb/HT6542","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/kb/HT6542"},{"reference_url":"https://support.citrix.com/article/CTX216642","reference_id":"","reference_type":"","scores":[],"url":"https://support.citrix.com/article/CTX216642"},{"reference_url":"https://support.lenovo.com/product_security/poodle","reference_id":"","reference_type":"","scores":[],"url":"https://support.lenovo.com/product_security/poodle"},{"reference_url":"https://support.lenovo.com/us/en/product_security/poodle","reference_id":"","reference_type":"","scores":[],"url":"https://support.lenovo.com/us/en/product_security/poodle"},{"reference_url":"https://technet.microsoft.com/library/security/3009008.aspx","reference_id":"","reference_type":"","scores":[],"url":"https://technet.microsoft.com/library/security/3009008.aspx"},{"reference_url":"https://templatelab.com/ssl-poodle/","reference_id":"","reference_type":"","scores":[],"url":"https://templatelab.com/ssl-poodle/"},{"reference_url":"http://support.apple.com/HT204244","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/HT204244"},{"reference_url":"http://support.citrix.com/article/CTX200238","reference_id":"","reference_type":"","scores":[],"url":"http://support.citrix.com/article/CTX200238"},{"reference_url":"https://www-01.ibm.com/support/docview.wss?uid=swg21688165","reference_id":"","reference_type":"","scores":[],"url":"https://www-01.ibm.com/support/docview.wss?uid=swg21688165"},{"reference_url":"https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7","reference_id":"","reference_type":"","scores":[],"url":"https://www.arista.com/en/support/advisories-notices/security-advisories/1015-security-advisory-7"},{"reference_url":"https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html"},{"reference_url":"https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html"},{"reference_url":"https://www.elastic.co/blog/logstash-1-4-3-released","reference_id":"","reference_type":"","scores":[],"url":"https://www.elastic.co/blog/logstash-1-4-3-released"},{"reference_url":"https://www.imperialviolet.org/2014/10/14/poodle.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.imperialviolet.org/2014/10/14/poodle.html"},{"reference_url":"https://www.openssl.org/~bodo/ssl-poodle.pdf","reference_id":"","reference_type":"","scores":[],"url":"https://www.openssl.org/~bodo/ssl-poodle.pdf"},{"reference_url":"https://www.openssl.org/news/secadv_20141015.txt","reference_id":"","reference_type":"","scores":[],"url":"https://www.openssl.org/news/secadv_20141015.txt"},{"reference_url":"https://www.suse.com/support/kb/doc.php?id=7015773","reference_id":"","reference_type":"","scores":[],"url":"https://www.suse.com/support/kb/doc.php?id=7015773"},{"reference_url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle","reference_id":"","reference_type":"","scores":[],"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-poodle"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021431"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=isg3T1021439"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686997","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21686997"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687172","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687172"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687611","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21687611"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21688283","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21688283"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21692299","reference_id":"","reference_type":"","scores":[],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21692299"},{"reference_url":"http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm","reference_id":"","reference_type":"","scores":[],"url":"http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-405500.htm"},{"reference_url":"http://www.debian.org/security/2014/dsa-3053","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2014/dsa-3053"},{"reference_url":"http://www.debian.org/security/2015/dsa-3144","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3144"},{"reference_url":"http://www.debian.org/security/2015/dsa-3147","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3147"},{"reference_url":"http://www.debian.org/security/2015/dsa-3253","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3253"},{"reference_url":"http://www.debian.org/security/2016/dsa-3489","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3489"},{"reference_url":"http://www.kb.cert.org/vuls/id/577193","reference_id":"","reference_type":"","scores":[],"url":"http://www.kb.cert.org/vuls/id/577193"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2014:203","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2014:203"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:062","reference_id":"","reference_type":"","scores":[],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"},{"reference_url":"http://www.securityfocus.com/archive/1/533724/100/0/threaded","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/533724/100/0/threaded"},{"reference_url":"http://www.securityfocus.com/archive/1/533746","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/533746"},{"reference_url":"http://www.securityfocus.com/archive/1/533747","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/archive/1/533747"},{"reference_url":"http://www.securityfocus.com/bid/70574","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/70574"},{"reference_url":"http://www.securitytracker.com/id/1031029","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031029"},{"reference_url":"http://www.securitytracker.com/id/1031039","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031039"},{"reference_url":"http://www.securitytracker.com/id/1031085","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031085"},{"reference_url":"http://www.securitytracker.com/id/1031086","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031086"},{"reference_url":"http://www.securitytracker.com/id/1031087","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031087"},{"reference_url":"http://www.securitytracker.com/id/1031088","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031088"},{"reference_url":"http://www.securitytracker.com/id/1031089","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031089"},{"reference_url":"http://www.securitytracker.com/id/1031090","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031090"},{"reference_url":"http://www.securitytracker.com/id/1031091","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031091"},{"reference_url":"http://www.securitytracker.com/id/1031092","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031092"},{"reference_url":"http://www.securitytracker.com/id/1031093","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031093"},{"reference_url":"http://www.securitytracker.com/id/1031094","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031094"},{"reference_url":"http://www.securitytracker.com/id/1031095","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031095"},{"reference_url":"http://www.securitytracker.com/id/1031096","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031096"},{"reference_url":"http://www.securitytracker.com/id/1031105","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031105"},{"reference_url":"http://www.securitytracker.com/id/1031106","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031106"},{"reference_url":"http://www.securitytracker.com/id/1031107","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031107"},{"reference_url":"http://www.securitytracker.com/id/1031120","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031120"},{"reference_url":"http://www.securitytracker.com/id/1031123","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031123"},{"reference_url":"http://www.securitytracker.com/id/1031124","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031124"},{"reference_url":"http://www.securitytracker.com/id/1031130","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031130"},{"reference_url":"http://www.securitytracker.com/id/1031131","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031131"},{"reference_url":"http://www.securitytracker.com/id/1031132","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1031132"},{"reference_url":"http://www.ubuntu.com/usn/USN-2486-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2486-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2487-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2487-1"},{"reference_url":"http://www.us-cert.gov/ncas/alerts/TA14-290A","reference_id":"","reference_type":"","scores":[],"url":"http://www.us-cert.gov/ncas/alerts/TA14-290A"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2015-0003.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.vmware.com/security/advisories/VMSA-2015-0003.html"},{"reference_url":"http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0","reference_id":"","reference_type":"","scores":[],"url":"http://www.websense.com/support/article/kbarticle/Vulnerabilities-resolved-in-TRITON-APX-Version-8-0"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1152789","reference_id":"1152789","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1152789"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765539","reference_id":"765539","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765539"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765702","reference_id":"765702","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765702"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768164","reference_id":"768164","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768164"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769904","reference_id":"769904","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769904"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771359","reference_id":"771359","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771359"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.0.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.0.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.0.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.0.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.0.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.0.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.1.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.1.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.1.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.1.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.1.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.1.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.2.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.2.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.2.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ibm:vios:2.2.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ibm:vios:2.2.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:11.0:sp3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8m:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8r:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8s:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8t:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8u:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8v:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8w:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8x:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8y:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8z:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8za:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:0.9.8zb:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0m:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.0n:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1h:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:1.0.1i:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database:11.2.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:database:12.1.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ibm:aix:5.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ibm:aix:6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:ibm:aix:7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mageia:mageia:3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:mageia:mageia:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:5.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:5.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:5.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:5.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:5.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:5.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:5.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:5.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:5.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:5.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:5.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:5.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:5.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:5.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:5.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:5.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:5.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:5.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:5.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:5.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:5.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:6.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:6.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:6.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:6.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:6.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:6.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.0:beta:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:6.0:beta:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.0:beta:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:6.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:6.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:6.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:6.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:netbsd:netbsd:6.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:6.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_desktop:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:novell:suse_linux_enterprise_desktop:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_desktop:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_desktop:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:novell:suse_linux_enterprise_desktop:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_desktop:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*","reference_id":"cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*","reference_id":"cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_server:11.0:sp3:*:*:*:vmware:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_supplementary:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_supplementary:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_supplementary:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3566","reference_id":"CVE-2014-3566","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3566"},{"reference_url":"https://security.gentoo.org/glsa/201411-10","reference_id":"GLSA-201411-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201411-10"},{"reference_url":"https://security.gentoo.org/glsa/201507-14","reference_id":"GLSA-201507-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201507-14"},{"reference_url":"https://security.gentoo.org/glsa/201606-11","reference_id":"GLSA-201606-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1876","reference_id":"RHSA-2014:1876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1877","reference_id":"RHSA-2014:1877","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1877"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1880","reference_id":"RHSA-2014:1880","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1881","reference_id":"RHSA-2014:1881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1882","reference_id":"RHSA-2014:1882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1920","reference_id":"RHSA-2014:1920","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1920"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0010","reference_id":"RHSA-2015:0010","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0010"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0011","reference_id":"RHSA-2015:0011","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0011"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0012","reference_id":"RHSA-2015:0012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0067","reference_id":"RHSA-2015:0067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0068","reference_id":"RHSA-2015:0068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0068"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0069","reference_id":"RHSA-2015:0069","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0069"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0079","reference_id":"RHSA-2015:0079","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0079"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0080","reference_id":"RHSA-2015:0080","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0080"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0085","reference_id":"RHSA-2015:0085","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0085"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0086","reference_id":"RHSA-2015:0086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0264","reference_id":"RHSA-2015:0264","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0264"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1545","reference_id":"RHSA-2015:1545","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1545"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1546","reference_id":"RHSA-2015:1546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1546"},{"reference_url":"https://usn.ubuntu.com/2486-1/","reference_id":"USN-2486-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2486-1/"},{"reference_url":"https://usn.ubuntu.com/2487-1/","reference_id":"USN-2487-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2487-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583890?format=json","purl":"pkg:deb/debian/bouncycastle@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2014-3566"],"risk_score":7.8,"exploitability":"2.0","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xap5-djda-2uem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5143?format=json","vulnerability_id":"VCID-xpm3-yad2-mke2","summary":"BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as \"ROBOT.\"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13098.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-13098.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13098","reference_id":"","reference_type":"","scores":[{"value":"0.66233","scoring_system":"epss","scoring_elements":"0.98531","published_at":"2026-04-21T12:55:00Z"},{"value":"0.66233","scoring_system":"epss","scoring_elements":"0.9853","published_at":"2026-04-18T12:55:00Z"},{"value":"0.66233","scoring_system":"epss","scoring_elements":"0.98529","published_at":"2026-04-16T12:55:00Z"},{"value":"0.66233","scoring_system":"epss","scoring_elements":"0.98524","published_at":"2026-04-13T12:55:00Z"},{"value":"0.66233","scoring_system":"epss","scoring_elements":"0.98523","published_at":"2026-04-12T12:55:00Z"},{"value":"0.66233","scoring_system":"epss","scoring_elements":"0.98522","published_at":"2026-04-09T12:55:00Z"},{"value":"0.66233","scoring_system":"epss","scoring_elements":"0.9852","published_at":"2026-04-08T12:55:00Z"},{"value":"0.66233","scoring_system":"epss","scoring_elements":"0.98517","published_at":"2026-04-07T12:55:00Z"},{"value":"0.66233","scoring_system":"epss","scoring_elements":"0.98516","published_at":"2026-04-04T12:55:00Z"},{"value":"0.66233","scoring_system":"epss","scoring_elements":"0.98514","published_at":"2026-04-02T12:55:00Z"},{"value":"0.66233","scoring_system":"epss","scoring_elements":"0.98512","published_at":"2026-04-01T12:55:00Z"},{"value":"0.66233","scoring_system":"epss","scoring_elements":"0.98534","published_at":"2026-04-24T12:55:00Z"},{"value":"0.66233","scoring_system":"epss","scoring_elements":"0.98535","published_at":"2026-04-26T12:55:00Z"},{"value":"0.66248","scoring_system":"epss","scoring_elements":"0.98542","published_at":"2026-05-11T12:55:00Z"},{"value":"0.66248","scoring_system":"epss","scoring_elements":"0.98537","published_at":"2026-04-29T12:55:00Z"},{"value":"0.66248","scoring_system":"epss","scoring_elements":"0.9854","published_at":"2026-05-07T12:55:00Z"},{"value":"0.66248","scoring_system":"epss","scoring_elements":"0.98544","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-13098"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13098","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13098"},{"reference_url":"https://github.com/bcgit/bc-java","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java"},{"reference_url":"https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c"},{"reference_url":"https://robotattack.org","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://robotattack.org"},{"reference_url":"https://robotattack.org/","reference_id":"","reference_type":"","scores":[],"url":"https://robotattack.org/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20171222-0001","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20171222-0001"},{"reference_url":"https://security.netapp.com/advisory/ntap-20171222-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20171222-0001/"},{"reference_url":"https://www.debian.org/security/2017/dsa-4072","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2017/dsa-4072"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"http://www.kb.cert.org/vuls/id/144389","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.kb.cert.org/vuls/id/144389"},{"reference_url":"http://www.securityfocus.com/bid/102195","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/102195"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1525528","reference_id":"1525528","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1525528"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884241","reference_id":"884241","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884241"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-13098","reference_id":"CVE-2017-13098","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-13098"},{"reference_url":"https://github.com/advisories/GHSA-wrwf-pmmj-w989","reference_id":"GHSA-wrwf-pmmj-w989","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wrwf-pmmj-w989"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582145?format=json","purl":"pkg:deb/debian/bouncycastle@1.58-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.58-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2017-13098","GHSA-wrwf-pmmj-w989"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xpm3-yad2-mke2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4868?format=json","vulnerability_id":"VCID-xzbt-bkdp-8bgh","summary":"In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2669","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2927","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000346.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1000346.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000346","reference_id":"","reference_type":"","scores":[{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76627","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76445","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.7645","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76478","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.7646","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76492","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76504","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76529","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76508","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76502","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76543","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76547","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76535","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76568","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76573","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76586","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76574","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76604","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76622","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00962","scoring_system":"epss","scoring_elements":"0.76609","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1000346"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000346","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000346"},{"reference_url":"https://github.com/bcgit/bc-java","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java"},{"reference_url":"https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495"},{"reference_url":"https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495#diff-d525a20b8acaed791ae2f0f770eb5937","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/1127131c89021612c6eefa26dbe5714c194e7495#diff-d525a20b8acaed791ae2f0f770eb5937"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181127-0004","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20181127-0004"},{"reference_url":"https://security.netapp.com/advisory/ntap-20181127-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20181127-0004/"},{"reference_url":"https://usn.ubuntu.com/3727-1","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3727-1"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588327","reference_id":"1588327","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588327"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000346","reference_id":"CVE-2016-1000346","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1000346"},{"reference_url":"https://github.com/advisories/GHSA-fjqm-246c-mwqg","reference_id":"GHSA-fjqm-246c-mwqg","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fjqm-246c-mwqg"},{"reference_url":"https://usn.ubuntu.com/3727-1/","reference_id":"USN-3727-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3727-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/583390?format=json","purl":"pkg:deb/debian/bouncycastle@1.56-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.56-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2016-1000346","GHSA-fjqm-246c-mwqg"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xzbt-bkdp-8bgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4601?format=json","vulnerability_id":"VCID-y7hr-kcfy-5qgd","summary":"Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-29T19:03:21Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000613.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000613.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000613","reference_id":"","reference_type":"","scores":[{"value":"0.05036","scoring_system":"epss","scoring_elements":"0.89805","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05036","scoring_system":"epss","scoring_elements":"0.89789","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05036","scoring_system":"epss","scoring_elements":"0.89778","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05036","scoring_system":"epss","scoring_elements":"0.89776","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05036","scoring_system":"epss","scoring_elements":"0.89762","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05036","scoring_system":"epss","scoring_elements":"0.89768","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05036","scoring_system":"epss","scoring_elements":"0.89767","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05036","scoring_system":"epss","scoring_elements":"0.89751","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05036","scoring_system":"epss","scoring_elements":"0.89758","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05036","scoring_system":"epss","scoring_elements":"0.89759","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05036","scoring_system":"epss","scoring_elements":"0.89753","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05036","scoring_system":"epss","scoring_elements":"0.89746","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05036","scoring_system":"epss","scoring_elements":"0.89728","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05036","scoring_system":"epss","scoring_elements":"0.89726","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05036","scoring_system":"epss","scoring_elements":"0.89711","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05036","scoring_system":"epss","scoring_elements":"0.89708","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05036","scoring_system":"epss","scoring_elements":"0.89819","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05036","scoring_system":"epss","scoring_elements":"0.89815","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05036","scoring_system":"epss","scoring_elements":"0.89811","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000613"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/bcgit/bc-java","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java"},{"reference_url":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223"},{"reference_url":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-29T19:03:21Z/"}],"url":"https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"},{"reference_url":"https://github.com/bcgit/bc-java/commit/cc9f91c41be67e88fca4e38f4872418448950fd9","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bcgit/bc-java/commit/cc9f91c41be67e88fca4e38f4872418448950fd9"},{"reference_url":"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6"},{"reference_url":"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-29T19:03:21Z/"}],"url":"https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"},{"reference_url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-29T19:03:21Z/"}],"url":"https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190204-0003","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190204-0003"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190204-0003/","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-29T19:03:21Z/"}],"url":"https://security.netapp.com/advisory/ntap-20190204-0003/"},{"reference_url":"https://www.oracle.com/security-alerts/cpuapr2020.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-29T19:03:21Z/"}],"url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-29T19:03:21Z/"}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-29T19:03:21Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-29T19:03:21Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-29T19:03:21Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-01-29T19:03:21Z/"}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1601096","reference_id":"1601096","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1601096"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_converged_application_server:7.0.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_converged_application_server:7.0.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_converged_application_server:7.0.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_convergence:3.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_convergence:3.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_convergence:3.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000613","reference_id":"CVE-2018-1000613","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1000613"},{"reference_url":"https://github.com/advisories/GHSA-4446-656p-f54g","reference_id":"GHSA-4446-656p-f54g","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4446-656p-f54g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/586548?format=json","purl":"pkg:deb/debian/bouncycastle@1.60-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.60-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582146?format=json","purl":"pkg:deb/debian/bouncycastle@1.68-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.68-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582147?format=json","purl":"pkg:deb/debian/bouncycastle@1.72-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j9r-6zbp-m3bz"},{"vulnerability":"VCID-37ce-hamd-wuda"},{"vulnerability":"VCID-4rs8-tp92-p7ck"},{"vulnerability":"VCID-abxq-7eq3-g7dp"},{"vulnerability":"VCID-d5x5-hcjh-efcr"},{"vulnerability":"VCID-e4j2-7rmt-17bf"},{"vulnerability":"VCID-rary-mqyu-2yes"},{"vulnerability":"VCID-sz15-payv-uyab"},{"vulnerability":"VCID-wqgc-hd9r-zuek"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582148?format=json","purl":"pkg:deb/debian/bouncycastle@1.80-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-37ce-hamd-wuda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.80-3%3Fdistro=trixie"}],"aliases":["CVE-2018-1000613","GHSA-4446-656p-f54g"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y7hr-kcfy-5qgd"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/bouncycastle@1.72-2%3Fdistro=trixie"}