rpm package

suse/python-cryptography&distro=SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOS

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2020-14343	—	< 2.8-7.4.1	2.8-7.4.1	Feb 9, 2021	A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrust
CVE-2020-36242	—	< 2.1.4-4.9.2	2.1.4-4.9.2	Feb 7, 2021	In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
CVE-2020-25659	—	< 2.8-7.4.1	2.8-7.4.1	Jan 11, 2021	python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

CVE-2020-14343Feb 9, 2021
affected < 2.8-7.4.1fixed 2.8-7.4.1
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrust
CVE-2020-36242Feb 7, 2021
affected < 2.1.4-4.9.2fixed 2.1.4-4.9.2
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
CVE-2020-25659Jan 11, 2021
affected < 2.8-7.4.1fixed 2.8-7.4.1
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.