EUVD-2017-0161

Malware in sbrugna...

GHSA-4C4W-3Q45-HP9J Aescrypt does not sufficiently use random values

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack...

Aescrypt does not sufficiently use random values

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack...

Insecure Encryption

aescrypt uses a vulnerable encryption method. The method is vulnerable because it does not randomize the CBC IV when encrypting and decrypting data. This allows attackers to easily defeat the cryptographic mechanism by guessing the CBC IV...

CVE-2013-7463

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack...

CVE-2013-7463

The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack...

CVE-2013-7463

The CVE refers to the aescrypt gem (Ruby) version 1.0.0, where CBC IVs are not randomized for AESCrypt.encrypt and AESCrypt.decrypt. This omission enables a chosen-plaintext attack that defeats cryptographic protection. The NVD entry lists CVSS v3.0 base score 7.5 (HIGH) with network attack, no p...

Mandriva Linux Security Advisory : python (MDVSA-2012:097)

Multiple vulnerabilities has been discovered and corrected in python : The ssl module would always disable the CBC IV attack countermeasure CVE-2011-3389. A race condition was found in the way the Python distutils module set file permissions during the creation of the .pypirc file. If a local use...

Mandriva Update for curl MDVSA-2012:058 (curl)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Mandriva Update for curl MDVSA-2012:058 (curl)

Check for the Version of curl OpenVAS Vulnerability Test Mandriva Update for curl MDVSA-2012:058 curl Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

Mandriva Update for python MDVSA-2012:096 (python)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Mandriva Linux Security Advisory : curl (MDVSA-2012:058)

Multiple vulnerabilities has been found and corrected in curl : curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate the problem CVE-2011-3389. curl is vulnerable to a data injection attack for certain protocols...

CURL-CVE-2011-3389 SSL CBC IV vulnerability

curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. This vulnerability has been identified CVE-2011-3389 aka the "BEAST" attack and is addressed by OpenSSL already as they have made a workaround to mitigate the problem. When doing so, they figured out...