34 matches found
Use of a Broken or Risky Cryptographic Algorithm
Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between encrypted plaintext blocks by driving the cipher past its counter range and causing th...
GHSA-CRXP-CHH4-9GHP Jervis has Deterministic AES IV Derivation from Passphrase
Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL866-L874...
EUVD-2020-1909
Malware in sbrugna...
EUVD-2021-12386
Malware in sbrugna...
EUVD-2021-12340
Malware in sbrugna...
EUVD-2025-20494
Malicious code in bioql PyPI...
CVE-2025-21422
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses...
CVE-2025-21422
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses...
CVE-2025-21422 Cryptographic Issues in Automotive
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses...
CVE-2025-21422 Cryptographic Issues in Automotive
Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses...
PT-2025-28430 · Qualcomm · Snapdragon +189
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A cryptographic issue exists while processing crypto API calls. Missing checks may lead to corrupted key usage or IV reuses. Recommendations: At the moment, there is no information about a...
CVE-2021-25444
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process...
CVE-2021-25490
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process...
CVE-2025-46632
Initialization vector IV reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server...
CVE-2025-46626
Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service...
Samsung Encryption Flaw
Researchers have found a major encryption flaw in 100 million Samsung Galaxy phones. From the abstract: In this work, we expose the cryptographic design and implementation of Androids Hardware-Backed Keystore in Samsungs Galaxy S8, S9, S10, S20, and S21 flagship devices. We reversed-engineered an...
CVE-2021-25490
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process...
CVE-2021-25490
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process...
Code injection
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process...
CVE-2021-25490
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process...