Vulnerabilities (CVE)

Filtered by vendor Bouncycastle Subscribe
Filtered by product Bouncy Castle Crypto Package
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-7940 3 Bouncycastle, Opensuse, Oracle 7 Bouncy Castle Crypto Package, Leap, Opensuse and 4 more 2024-11-21 5.0 MEDIUM N/A
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."