cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if pkcs12.serialize_key_and_certificates is called with both a certificate whose public key did not match the provided private key and an.....
7.5CVSS
7.2AI Score
0.0004EPSS
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling load_pem_pkcs7_certificates or load_der_pkcs7_certificates could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of...
7.5CVSS
7AI Score
0.001EPSS
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical...
7.5CVSS
7.5AI Score
0.001EPSS
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes) to....
6.5CVSS
6.5AI Score
0.001EPSS
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet...
9.1CVSS
9.2AI Score
0.008EPSS
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5...
5.9CVSS
6.2AI Score
0.001EPSS
A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography (ECC) implementation.An attacker could potentially abuse these bugs to learn information about a server’s private ECC key (a...
9.8CVSS
9.1AI Score
0.007EPSS
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g....
7.5CVSS
7.2AI Score
0.002EPSS
A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography...
9.8CVSS
9.2AI Score
0.005EPSS
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution...
4.7CVSS
8.7AI Score
0.0004EPSS
The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels,....
7.8CVSS
7.3AI Score
0.001EPSS
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than...
7.5CVSS
7.2AI Score
0.006EPSS
The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing...
6.7AI Score
0.004EPSS