rpm package
suse/python-cryptography&distro=SUSE Linux Micro 6.1
pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Micro%206.1
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-34073 | Med | 5.3 | < 42.0.4-slfo.1.1_4.1 | 42.0.4-slfo.1.1_4.1 | Mar 31, 2026 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently | |
| CVE-2026-26007 | — | < 42.0.4-slfo.1.1_3.1 | 42.0.4-slfo.1.1_3.1 | Feb 10, 2026 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_ke | ||
| CVE-2025-3416 | Low | 3.7 | < 42.0.4-slfo.1.1_2.1 | 42.0.4-slfo.1.1_2.1 | Apr 8, 2025 | A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string. |
- affected < 42.0.4-slfo.1.1_4.1fixed 42.0.4-slfo.1.1_4.1
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently
- CVE-2026-26007Feb 10, 2026affected < 42.0.4-slfo.1.1_3.1fixed 42.0.4-slfo.1.1_3.1
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_ke
- affected < 42.0.4-slfo.1.1_2.1fixed 42.0.4-slfo.1.1_2.1
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.