Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
lib/Crypto/PublicKey/ElGamal.py in PyCrypto generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data.
The Crypto.Random.atfork function in PyCrypto does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.