Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between encrypted plaintext blocks by driving the cipher past its counter range and causing th...

CVE-2026-25998

strongMan (the management interface for strongSwan) is vulnerable in versions prior to 0.2.0 due to improper encryption of stored credentials in the database. The software used AES-CTR with a global database key and a single IV for all fields, enabling an attacker with database access to recover ...

crypto: seqiv - Do not use req->iv after crypto_aead_encrypt

...

Jervis has Deterministic AES IV Derivation from Passphrase

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL866-L874...

CVE-2023-31305

Generation of weak and predictable Initialization Vector IV in PMFW Power Management Firmware may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure...

EUVD-2017-0105

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2013-7469

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct...

CVE-2025-21422

Cryptographic issue while processing crypto API calls, missing checks may lead to corrupted key usage or IV reuses...

Qualcomm Chipsets 加密问题漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A cryptographic issue vulnerability exists in Qualcomm Chipsets that stems from an encryption issue when handling cryptographic API calls, which could lead to corrupted key usage or IV reuse...

CVE-2025-46632

Initialization vector IV reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server...

CVE-2025-46632

Initialization vector IV reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server...

CVE-2025-46632

Initialization vector IV reuse in the web management portal of the Tenda RX2 Pro 16.03.30.14 may allow an attacker to discern information about or more easily decrypt encrypted messages between client and server...

SUSE CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

The openssl gem for Ruby uses the same initialization vector (IV) in GCM Mode (aes-*-gcm) when the IV is set before the key which makes it easier for context-dependent attackers to bypass the encryption protection mechanism.

...

UBUNTU-CVE-2013-7469

Seafile through 6.2.11 always uses the same Initialization Vector IV with Cipher Block Chaining CBC Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks...

UBUNTU-CVE-2017-1000246

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

PYSEC-2017-26

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...

DEBIAN-CVE-2010-3075

EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations involving recovery of XORed data, as demonstrated by an attack on encrypted data in which the las...