Astra Linux - уязвимость в python-cryptography

In the cryptography package for Python before version 3.3.2, certain sequences of update calls to symmetrically encrypt multi-GB values could lead to integer overflows and buffer overflows, as demonstrated by the Fernet class...

Astra Linux - уязвимость в python-cryptography

A flaw was discovered in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which could result in the exposure of confidential or sensitive data...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-cryptography (UTSA-2026-021489)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021489 advisory. A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges,...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-cryptography (UTSA-2026-017476)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017476 advisory. In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow a...

JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens

A flaw was found in JWCrypto, a Python library for JSON Web Key JWK, JSON Web Signature JWS, and JSON Web Encryption JWE specifications. An unauthenticated attacker can exploit this vulnerability by sending specially crafted JWE tokens that use ZIP compression. While the input token size is...

Astra Linux - уязвимость в python-cryptography

Cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions, Cipher.updateinto would accept Python objects that implement the buffer protocol, but only provide immutable buffers. This would allow immutable objects such as bytes to b...

cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification ECDSA and...

USN-8087-3 python-cryptography vulnerability

USN-8087-1 fixed a vulnerability in python-cryptography. This update provides the corresponding update to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remo...

USN-8087-3: python-cryptography vulnerability

USN-8087-1 fixed a vulnerability in python-cryptography. This update provides the corresponding update to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remo...

Fedora 44 : python-cryptography (2026-aa318887d6)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-aa318887d6 advisory. Changelog Wed Apr 8 2026 Jeremy Cline - 46.0.7-1 - Update to 46.0.7 - SECURITY ISSUE: Fixed an issue where non-contiguous buffers could be passed to APIs tha...

Security update for python-cryptography (important)

openSUSE security update: security update for python-cryptography ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20506-1 Rating: important References: bsc1258074 bsc1260876 Cross-References: CVE-2026-26007 CVE-2026-34073 CVSS scores: CVE-2026-26007...

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and Dashboard operands are vulnerable to loss of confidentiality (CVE-2026-26007)

Summary Python module cryptography is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance and Dashboard operands that enable the App Connect Enterprise Agent are vulnerable to loss of...

SUSE-SU-2026:21116-1 Security update for python-cryptography

This update for python-cryptography fixes the following issues: - CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. bsc1260876...

SUSE-SU-2026:21126-1 Security update for python-cryptography

This update for python-cryptography fixes the following issues: - CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. bsc1260876...

[SECURITY] Fedora 43 Update: python-cryptography-46.0.7-1.fc43

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers...

Fedora 43 : python-cryptography (2026-95233f8a79)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-95233f8a79 advisory. Changelog Wed Apr 8 2026 Jeremy Cline - 46.0.7-1 - Update to 46.0.7 - SECURITY ISSUE: Fixed an issue where non-contiguous buffers could be passed to APIs tha...

Fedora: Security Advisory (FEDORA-2026-95233f8a79)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

OPENSUSE-SU-2026:10535-1 python311-cryptography-46.0.7-1.1 on GA media

These are all security issues fixed in the python311-cryptography-46.0.7-1.1 package on the GA media of openSUSE Tumbleweed...

OPENSUSE-SU-2026:20506-1 Security update for python-cryptography

This update for python-cryptography fixes the following issues: - CVE-2026-34073: Fixed X.509 bypass of name constraints on wildcard SANs with matching peer names. bsc1260876 - CVE-2026-26007: missing validation can lead to security issues for signature verification ECDSA and shared key negotiati...

EUVD-2026-19911

JWCrypto: JWE ZIP decompression bomb...