GHSA-CRXP-CHH4-9GHP Jervis has Deterministic AES IV Derivation from Passphrase

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL866-L874...

CVE-2024-53845 AES/CBC Constant IV Vulnerability in ESPTouch v2

ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV Initialization Vector prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant...

SUSE CVE-2021-26322

Persistent platform private key may not be protected with a random IV leading to a potential "two time pad attack"...

IV Collision

github.com/bincyber/go-sqlcrypter is vulnerable to IV Collision. The vulnerability is due to using a random IV, which can exceed the safe limit of encrypting plaintext above 2^32 in size under the same key as stated by NIST SP 800-38D, potentially allowing attackers to decrypt messages if IV...

PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption

PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining CBC mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...

PYSEC-2023-245

PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining CBC mode in AES encryption. This vulnerability can lead to the disclosure of information and communications...

SUSE CVE-2006-0898

Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector IV of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...

wolfSSL security feature issue vulnerability

Wolfssl CyaSSL is a small, portable embedded SSL programming library for use by embedded system developers from Wolfssl USA. wolfSSL has a security vulnerability that stems from the use of non-random IV values for x prior to 5.1.1 under certain circumstances. This affects AES-CBC or DES3...

DEBIAN-CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

Information disclosure

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

CVE-2022-23408

wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations. This affects connections without AEAD using AES-CBC or DES3 with TLS 1.1 or 1.2 or DTLS 1.1 or 1.2. This occurs because of misplaced memory initialization in BuildMessage in internal.c...

CVE-2022-23408

CVE-2022-23408 affects wolfSSL 5.x before 5.1.1, where non-random IV values are used in certain situations. The vulnerability arises from misplaced memory initialization in BuildMessage in internal.c, impacting connections that do not use AEAD and rely on AES-CBC or DES3 with TLS 1.1/1.2 or DTLS ...

CVE-2021-26322

Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”...

Code injection

Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”...

CVE-2021-26322

Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”...

perl-Crypt-CBC weaker encryption with some ciphers

Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector IV of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael...