EUVD-2012-0026

Malware in sbrugna...

EUVD-2012-0002

Malware in sbrugna...

EUVD-2013-0027

Malware in sbrugna...

EUVD-2018-0119

Malware in sbrugna...

Medium: python-crypto

Issue Overview: lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data i.e., it does not have semantic security in face of a ciphertext-only attack. The Decisional...

Linux Distros Unpatched Vulnerability : CVE-2012-2417

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key...

Linux Distros Unpatched Vulnerability : CVE-2018-6594

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by readi...

Photon OS 2.0: Pycrypto PHSA-2018-2.0-0037

An update of the pycrypto package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2018-2.0-0037. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Amazon Linux 2 : python-crypto (ALASANSIBLE2-2024-011)

It is, therefore, affected by a vulnerability as referenced in the ALAS2ANSIBLE2-2024-011 advisory. Heap-based buffer overflow in the ALGnew function in blocktemplace.c in Python Cryptography Toolkit aka pycrypto allows remote attackers to execute arbitrary code as demonstrated by a crafted iv...

OPENSUSE-SU-2024:10346-1 python-pycrypto-2.6.1-4.8 on GA media

These are all security issues fixed in the python-pycrypto-2.6.1-4.8 package on the GA media of openSUSE Tumbleweed...

RHEL 6 : python-crypto (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - python-crypto: Weak ElGamal key parameters in PublicKey/ElGamal.py allow attackers to obtain sensitive...

Security Bulletin: Mutiple Vulnerabilties in Open Source packages affecting IBM Watson Machine Learning Accelerator on Cloud Pak for Data

Summary IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vulnerable to several open source vulnerabilites. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2022-1996 DESCRIPTION: go-restful could allow a remote attacker to...

Exploit for CVE-2022-30190

AmzWord an automated attack chain based on CVE-2022-30190, 16...

Security Bulletin: Vulnerability in pycrypto-2.6.1.tar.gz affects IBM Integrated Analytics System [CVE-2013-7459, CVE-2018-6594]

Summary The pycrypto-2.6.1.tar.gz package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable vulnerability CVE-2013-7459, CVE-2018-6594. Vulnerability Details CVEID:CVE-2013-7459 DESCRIPTION: PyCrypto is vulnerable to a heap-based buffer...

Exploit for Out-of-bounds Write in Fortinet Fortios

CVE-2022-42475 Background This is the exploit for the blog...

Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Summary IBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security...

Security Bulletin: Multiple vulnerabilities in software used in node.js affect Cloud Pak System

Summary Multiple vulnerabilities found in follow-redirect, html-parse-stringify2, nth-check, pycrypto affect Cloud Pak System. IBM Cloud Pak System has addressed those vulnerabilities. Vulnerability Details CVEID:CVE-2021-23346 DESCRIPTION: Node.js html-parse-stringify and html-parse-stringify2...

SUSE CVE-2009-0544

Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length...

SUSE CVE-2012-2417

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key...

SUSE CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...