-
Vulnerable Library - cryptography-37.0.2-cp36-abi3-manylinux_2_24_x86_64.whl
cryptography is a package which provides cryptographic recipes and primitives to Python developers.
Library home page: ht…
-
Vulnerable Library - molecule-3.6.1-py3-none-any.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
## Vulnerabilities
| CVE | Severity | CVSS | Depe…
-
The popular authenticated ciphers AES-GCM and ChaCha/Poly1305 are fast and work well in TLS, but they've seen a variety of issues in incautiously designed systems: [forgery by nonce-disrespecting adve…
-
It would be nice to encrypt the data that is saved in the database.
The threat model here is that someone will either a) get a copy of the database or b) take control of the machines running the se…
-
The concept of "end-to-end security" seems to deserve a more refined consideration. Some inputs
1. Every security protocol actually delivers security between the ends that implement it - no matter …
-
At the moment, ZFS native encryption only supports AES-CCM and AES-GCM (because that's what Solaris supports and because AES is generally more widely trusted for some enterprise deployments as well as…
-
Hi,
we (@jurajsomorovsky @ic0ns @mmaehren @XoMEX @Kavakuo) are performing an analysis of the RFC-compliance of open-source TLS implementations. Below we list our findings for this implementation. We …
-
## CVE-2023-4807 - High Severity Vulnerability
Vulnerable Library - cryptography-36.0.1-cp36-abi3-manylinux_2_24_x86_64.whl
cryptography is a package which provides cryptographic recipes and primiti…
-
## Signal's Double Ratchet Algorithm
> *used by two parties to exchange encrypted messages based on a shared secret key*
The parties derive new keys for every Double Ratchet message so that earlie…
-
## CVE-2023-4807 - High Severity Vulnerability
Vulnerable Library - cryptography-35.0.0-cp36-abi3-manylinux_2_24_x86_64.whl
cryptography is a package which provides cryptographic recipes and primiti…