Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

27 matches found

Prion
Prionadded 2023/02/07 9:15 p.m.37 views

Design/Logic Flaw

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...

6.4CVSS6.5AI score0.00688EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVEadded 2023/02/07 8:54 p.m.44 views

CVE-2023-23931

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...

6.5CVSS7.3AI score0.00688EPSS
Exploits1
OSV
OSVadded 2023/02/07 8:54 p.m.34 views

CVE-2023-23931 Cipher.update_into can corrupt memory in pyca cryptography

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...

4.8CVSS6.7AI score0.00688EPSS
Exploits1References6
AlpineLinux
AlpineLinuxadded 2023/02/07 8:54 p.m.78 views

CVE-2023-23931

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...

6.5CVSS6.7AI score0.00688EPSS
Exploits1
Cvelist
Cvelistadded 2023/02/07 8:54 p.m.22 views

CVE-2023-23931 Cipher.update_into can corrupt memory in pyca cryptography

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...

4.8CVSS7.1AI score0.00688EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2023/02/07 12:0 a.m.4 views

PT-2023-2766 · Pypi +10 · Cryptography +10

Name of the Vulnerable Software and Affected Versions: cryptography versions 1.8 through the latest version before the fix Description: The issue is related to the Cipher.update into function in the cryptography package, which would accept Python objects that implement the buffer protocol but...

9.1CVSS6.7AI score0.88334EPSS
Exploits12References142
FreeBSD
FreeBSDadded 2023/02/07 12:0 a.m.34 views

py-cryptography -- allows programmers to misuse an API

alex reports: Previously, Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to be mutated, thus violating fundamental rules of Python. This is a soundness bug -- it allows...

6.5CVSS6.8AI score0.00688EPSS
Exploits1References1
Rows per page
Query Builder