Vulnerabilities > Cryptography IO

DATE CVE VULNERABILITY TITLE RISK
2024-02-05 CVE-2023-50782 Information Exposure Through Discrepancy vulnerability in multiple products
A flaw was found in the python-cryptography package.
network
low complexity
redhat cryptography-io couchbase CWE-203
7.5
7.5
2023-11-29 CVE-2023-49083 NULL Pointer Dereference vulnerability in Cryptography.Io Cryptography
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
network
low complexity
cryptography-io CWE-476
7.5
7.5
2023-07-14 CVE-2023-38325 Improper Certificate Validation vulnerability in Cryptography.Io Cryptography
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.
network
low complexity
cryptography-io CWE-295
7.5
7.5
2023-02-07 CVE-2023-23931 Improper Check for Unusual or Exceptional Conditions vulnerability in Cryptography.Io Cryptography
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
network
low complexity
cryptography-io CWE-754
6.5
6.5
2021-02-07 CVE-2020-36242 Integer Overflow or Wraparound vulnerability in multiple products
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
network
low complexity
cryptography-io fedoraproject oracle CWE-190
critical
 9.1
9.1
2021-01-11 CVE-2020-25659 python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
network
high complexity
cryptography-io oracle
5.9
5.9
2017-03-27 CVE-2016-9243 HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
network
low complexity
cryptography-io fedoraproject canonical
7.5
7.5