Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Cryptography Project Security Vulnerabilities

cve
cve

CVE-2020-36242

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.

9.1CVSS

9.2AI Score

0.008EPSS

2021-02-07 08:15 PM
335
6
cve
cve

CVE-2023-23931

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes) to ...

6.5CVSS

6.7AI Score

0.001EPSS

2023-02-07 09:15 PM
243
cve
cve

CVE-2023-38325

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.

7.5CVSS

7.5AI Score

0.001EPSS

2023-07-14 08:15 PM
463
cve
cve

CVE-2023-49083

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling load_pem_pkcs7_certificates or load_der_pkcs7_certificates could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Serv...

7.5CVSS

7.4AI Score

0.001EPSS

2023-11-29 07:15 PM
74