EulerOS 2.0 SP9 : python-cryptography (EulerOS-SA-2024-1494)

According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS...

EulerOS 2.0 SP9 : python-cryptography (EulerOS-SA-2024-1515)

According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS...

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-1494)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-1515)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6539-1: python-cryptography vulnerabilities | Cloud Foundry

Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that the python-cryptography Cipher.updateinto function would incorrectly accept objects with immutable buffers. This would result in corrupted output, contrary to expectations. This iss...

USN-6673-1: python-cryptography vulnerabilities | Cloud Foundry

Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 18.04 Canonical Ubuntu 22.04 Description Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS1 v1.5. A remote attacker could...

CVE-2024-28102

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

CVE-2024-28102

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

Oracle Linux 7 : python-cryptography (ELSA-2024-19480)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-19480 advisory. 3.2.1-1.0.1 - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates Orabug: 36143838 Tenable has extracted the preceding description block...

EulerOS Virtualization 2.11.0 : python-cryptography (EulerOS-SA-2024-1447)

According to the versions of the python-cryptography package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling...

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-1419)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-1447)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 7 : python-cryptography (ELSA-2024-12234)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-12234 advisory. 3.2.1-1.0.1 - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates Orabug: 36143838 Tenable has extracted the preceding description block...

EulerOS Virtualization 2.11.1 : python-cryptography (EulerOS-SA-2024-1419)

According to the versions of the python-cryptography package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling...

python-cryptography security update

3.2.1-1.0.1 - Fix CVE-2023-49083: NULL-dereference when loading PKCS7 certificates Orabug: 36143838...

CVE-2023-49083 affecting package python-cryptography for versions less than 42.0.5-1

CVE-2023-49083 affecting package python-cryptography for versions less than 42.0.5-1. An upgraded version of the package is available that resolves this issue...

CVE-2023-23931 affecting package python-cryptography for versions less than 3.3.2-5

CVE-2023-23931 affecting package python-cryptography for versions less than 3.3.2-5. A patched version of the package is available...

CVE-2023-50782 affecting package python-cryptography for versions less than 42.0.5-1

CVE-2023-50782 affecting package python-cryptography for versions less than 42.0.5-1. An upgraded version of the package is available that resolves this issue...

Ubuntu: Security Advisory (USN-6673-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Code injection

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...