Vulnerabilities > Dlitz

DATE CVE VULNERABILITY TITLE RISK
2018-02-03 CVE-2018-6594 Inadequate Encryption Strength vulnerability in multiple products
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack).
network
low complexity
dlitz debian canonical CWE-326
7.5
2017-02-15 CVE-2013-7459 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
network
low complexity
dlitz fedoraproject CWE-119
critical
9.8