CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

28 matches found

RedHat Linux•added 2026/06/09 11:19 a.m.•6 views

cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API

A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces APIs that accept Python buffers, such as Hash.update. A remote attacker could exploit this to cause a buffer overflow, potentially leading t...

9.8CVSS5.6AI score0.00525EPSS

Exploits0References7

RedHat Linux•added 2026/06/09 11:18 a.m.•6 views

cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API

9.8CVSS5.6AI score0.00525EPSS

Exploits0References7

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/buddy: The BUGON issue has been prevented by validating the rounded allocation size. When DRMBUDDYCONTIGUOUSALLOCATION is set, the requested size is rounded up to the next power-of-two using rounduppowoftwo. Similarly, for...

5.5CVSS5.2AI score0.00127EPSS

Exploits0References1

SUSE CVE•added 2026/05/09 2:41 a.m.•10 views

SUSE CVE-2026-43169

In the Linux kernel, the following vulnerability has been resolved: drm/buddy: Prevent BUGON by validating rounded allocation When DRMBUDDYCONTIGUOUSALLOCATION is set, the requested size is rounded up to the next power-of-two via rounduppowoftwo. Similarly, for non-contiguous allocations with lar...

5.7AI score0.00127EPSS

Exploits0References3

RedhatCVE•added 2026/05/06 7:52 p.m.•8 views

CVE-2026-43169

A flaw was found in the drm/buddy component of the Linux kernel. This vulnerability occurs when the system processes memory allocation requests, particularly for contiguous or large non-contiguous blocks. Incorrect rounding of the requested size can lead to an allocation exceeding available memor...

5.5CVSS5.8AI score0.00127EPSS

Exploits0References4

NVD•added 2026/05/06 12:16 p.m.•4 views

CVE-2026-43169

5.5CVSS0.00127EPSS

Exploits0References4

Positive Technologies•added 2026/05/06 12:0 a.m.•9 views

PT-2026-37509

In the Linux kernel, the following vulnerability has been resolved: drm/buddy: Prevent BUG ON by validating rounded allocation When DRM BUDDY CONTIGUOUS ALLOCATION is set, the requested size is rounded up to the next power-of-two via roundup pow of two. Similarly, for non-contiguous allocations...

5.7AI score0.00127EPSS

Exploits0References5

Tenable Nessus•added 2026/04/27 12:0 a.m.•5 views

Fedora 44 : python-cryptography (2026-aa318887d6)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-aa318887d6 advisory. Changelog Wed Apr 8 2026 Jeremy Cline - 46.0.7-1 - Update to 46.0.7 - SECURITY ISSUE: Fixed an issue where non-contiguous buffers could be passed to APIs tha...

9.8CVSS5.5AI score0.00525EPSS

Exploits0References2

SUSE CVE•added 2026/04/10 11:25 p.m.•4 views

SUSE CVE-2026-39892

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers e.g. Hash.update, this could lead to buffer overflows. This vulnerability is fixed in...

5.3CVSS6AI score0.00525EPSS

Exploits0References3

RedhatCVE•added 2026/04/09 9:58 p.m.•5 views

CVE-2026-39892

9.8CVSS6AI score0.00525EPSS

Exploits0References6

PyPA•added 2026/04/08 9:17 p.m.•7 views

PYSEC-2026-36

9.8CVSS5.9AI score0.00525EPSS

Exploits0References2Affected Software1

NVD•added 2026/04/08 9:17 p.m.•3 views

CVE-2026-39892

9.8CVSS0.00525EPSS

Exploits0References2

OSV•added 2026/04/08 9:17 p.m.•5 views

PYSEC-2026-36

9.8CVSS5.9AI score0.00525EPSS

Exploits0References2

UbuntuCve•added 2026/04/08 9:17 p.m.•2 views

CVE-2026-39892

9.8CVSS6AI score0.00525EPSS

Exploits0References3

CVE•added 2026/04/08 8:49 p.m.•56 views

CVE-2026-39892

CVE-2026-39892 affects the Python package cryptography. From 45.0.0 to before 46.0.7, passing a non-contiguous buffer to APIs that accept Python buffers (e.g., Hash.update()) could cause buffer overflows. The issue is fixed in version 46.0.7. Remediation: upgrade to cryptography 46.0.7 or later.

9.8CVSS6.1AI score0.00525EPSS

Exploits0References2Affected Software1

AlpineLinux•added 2026/04/08 8:49 p.m.•3 views

CVE-2026-39892

9.8CVSS6.1AI score0.00525EPSS

Exploits0

Cvelist•added 2026/04/08 8:49 p.m.•18 views

CVE-2026-39892 cryptography has a buffer overflow if non-contiguous buffers were passed to APIs

6.9CVSS0.00525EPSS

Exploits0References1

Debian CVE•added 2026/04/08 8:49 p.m.•3 views

CVE-2026-39892

9.8CVSS5.5AI score0.00525EPSS

Exploits0

EUVD•added 2026/04/08 7:23 p.m.•4 views

EUVD-2026-20640

Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs...

6.9CVSS6.2AI score0.00525EPSS

Exploits0References1

OSV•added 2026/04/08 7:23 p.m.•2 views

GHSA-P423-J2CM-9VMQ Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs

If a non-contiguous buffer was passed to APIs which accepted Python buffers e.g. Hash.update, this could lead to buffer overflows. For example: python h = HashSHA256 b.updatebuf::-1 would read past the end of the buffer on Python 3.11...

6.9CVSS6AI score0.00525EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by