Search CVE reports


1 – 10 of 15 results


CVE-2024-26130

Medium priority
Fixed

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a...

1 affected package

python-cryptography

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-cryptography Fixed Not affected Not affected Not affected Not affected

CVE-2023-50782

Medium priority

Some fixes available 5 of 6

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

1 affected package

python-cryptography

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-cryptography Not affected Fixed Fixed Fixed Fixed

CVE-2023-49083

Medium priority
Fixed

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault....

1 affected package

python-cryptography

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-cryptography Fixed Not affected Not affected Not affected

CVE-2023-38325

Medium priority
Not affected

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.

1 affected package

python-cryptography

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-cryptography Not affected Not affected Not affected Not affected

CVE-2023-23931

Low priority

Some fixes available 3 of 5

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only...

1 affected package

python-cryptography

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-cryptography Not affected Fixed Fixed Vulnerable Not affected

CVE-2020-36242

Medium priority
Not affected

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.

1 affected package

python-cryptography

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-cryptography Not affected Not affected Not affected

CVE-2020-25659

Medium priority
Fixed

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

1 affected package

python-cryptography

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-cryptography Fixed Fixed Fixed

CVE-2018-10903

Medium priority

Some fixes available 1 of 2

A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an...

1 affected package

python-cryptography

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-cryptography Fixed Not affected

CVE-2018-6594

Medium priority

Some fixes available 5 of 6

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face...

2 affected packages

pycryptodome, python-crypto

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
pycryptodome Fixed Not in release
python-crypto Fixed Fixed

CVE-2013-7459

Medium priority

Some fixes available 3 of 4

Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.

1 affected package

python-crypto

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-crypto Fixed