Pki-Core 10.6 Resteasy vulnerabilities
4 known vulnerabilities affecting pki-core_10.6/resteasy.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, MEDIUM 2
Vulnerabilities
CVE-2025-14813 | CRITICAL | CVSS 9.3 | 2026-04-15
CVE-2025-14813 [CRITICAL] CWE-327 bouncycastle: BC-JAVA: GOSTCTR implementation unable to process more than 255 blocks correctly
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The `GOSTCTR` implementation is unable to securely process more than 255 blocks of data due to keystream reuse. This issue allows an attacker to break the fundamental confidentiality of any data protected b
redhat
CVE-2026-5598 | CRITICAL | CVSS 10.0 | 2026-04-15
CVE-2026-5598 [CRITICAL] CWE-385 bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy to gain unautho
redhat
CVE-2026-5588 | MEDIUM | CVSS 6.3 | 2026-04-15
CVE-2026-5588 [MEDIUM] CWE-347 bouncycastle: BC-JAVA: PKIX draft CompositeVerifier accepts empty signature sequence as valid
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pkix modules). This vulnerability is associated with program files JcaContentVerifi
redhat
CVE-2026-0636 | MEDIUM | CVSS 5.5 | 2026-04-15
CVE-2026-0636 [MEDIUM] CWE-90 bouncycastle: BC-JAVA: LDAP injection vulnerability in LDAPStoreHelper.java
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA bcprov. The `LDAPStoreHelper` implementation fails to properly neutralize special elements in user-supplied input before incorporating them into LDAP queries. This allows a remote attacker to execute an LDAP injection attack by supplying crafted input, pot
redhat