Skip to main content
Components
Vulnerabilities
Pricing
MCP
API
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
org.codehaus.sonar-plugins/sonar-pdfreport… | Sonatype Guide
Get full component data and automated fixes with Sonatype Guide.
Sign up for free
maven
org.codehaus.sonar-plugins
sonar-pdfreport-plugin
1.4
sonar-pdfreport-plugin 1.4
Latest
org.codehaus.sonar-plugins
Published
Feb 9, 2015
•
Policy
compliance
maven Registry
Developer Trust Score
Recommended Version:
x.y.z
Recommended upgrade that meets your policy.
Compare Versions
Overview
Overview
Versions
1
Versions
1
Vulnerabilities
20
Vulnerabilities
20
Dependencies
4
Dependencies
4
Reset filters
Severity
Critical
(0)
High
(6)
Medium
(0)
Low
(0)
CVSS Score
0.0
10.0
EPSS Score
0.0
1.0
Malware
KEV Status
Published
Filter
Sort: Published (Newest first)
7.7
sonatype-2024-0946
bouncycastle - Improper Validation of Certificate with Host Mismatch
affected
Severity
High
Published
Apr 10, 2024
7.5
CVE-2024-29857
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.
affected
Severity
High
Published
Apr 10, 2024
8.8
CVE-2017-9096
The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.
affected
Severity
High
Published
Jul 12, 2018
7.5
CVE-2016-1000343
In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.
affected
Severity
High
Published
Apr 6, 2017
7.5
CVE-2016-1000338
In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure.
affected
Severity
High
Published
Apr 6, 2017
7.5
sonatype-2007-0004
sonatype-2007-0004 - Denial of Service (DoS)
affected
Severity
High
Published
Mar 28, 2017
