Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cryptography project cryptography vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-38325
The cryptography package prior to 41.0.2 for Python mishandles SSH certificates that have critical options.
Cryptography Project Cryptography
NA
CVE-2023-49083
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious...
Cryptography Project Cryptography
NA
CVE-2023-23931
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable object...
Cryptography Project Cryptography
4.3
CVSSv2
CVE-2020-25659
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
Python-cryptography Project Python-cryptography 3.2
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
1 Github repository
6.4
CVSSv2
CVE-2020-36242
In the cryptography package prior to 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
Cryptography Project Cryptography
Fedoraproject Fedora 33
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
2 Github repositories
NA
CVE-2023-50782
A flaw was found in the python-cryptography package. This issue may allow a remote malicious user to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
Redhat Ansible Automation Platform 2.0
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
Redhat Update Infrastructure 4
Python-cryptography Project Python-cryptography
6.4
CVSSv2
CVE-2019-5919
An incomplete cryptography of the data store function by using hidden tag in Nablarch 5 (5, and 5u1 to 5u13) allows remote malicious users to obtain information of the stored data, to register invalid value, or alter the value via unspecified vectors.
Nablarch Project Nablarch 5u1
Nablarch Project Nablarch 5u13
Nablarch Project Nablarch 5
NA
CVE-2023-24025
CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector.
Pqclean Project Pqclean -
1.9
CVSSv2
CVE-2018-12438
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virt...
Libsunec Project Libsunec -
6.8
CVSSv2
CVE-2021-20305
A flaw was found in Nettle in versions prior to 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorre...
Nettle Project Nettle
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 33
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »