6 matches found
PT-2023-27931 · Sap · S/4Hana
Name of the Vulnerable Software and Affected Versions: S4 HANA versions 102 through 107 Description: The OData service of the S4 HANA, specifically in the Manage checkbook apps, allows an attacker to change the checkbook name by simulating an update OData call. Recommendations: For versions 102...
CentOS 8 : python-cryptography (CESA-2021:1608)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:1608 advisory. - python-cryptography: Bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25659) - python-cryptography: certain sequences of update cal...
python-cryptography: Large inputs for symmetric encryption can trigger integer overflow leading to buffer overflow
A buffer-overflow flaw was found in the python-cryptography package. Certain sequences of update calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows. Note: This fix is a workaround for the OpenSSL CVE-2021-23840 flaw...
PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. When certain sequences of update calls with large values (multiple GBs) for symmetric encryption or decryption occur, it's possible for an integer overflow to happen, leading to mishandling of...
PYSEC-2021-63
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class...
PT-2021-7287
Name of the Vulnerable Software and Affected Versions: cryptography versions prior to 3.3.2 Description: The issue is related to an integer overflow in the cryptography package for Python. This overflow can occur when certain sequences of update calls are made to symmetrically encrypt multi-GB...