Total: 97 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-3678 | 1 Showdoc | 1 Showdoc | 2021-08-11 | 4.3 MEDIUM | 5.9 MEDIUM |
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | |||||
CVE-2019-7855 | 1 Magento | 1 Magento | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation. | |||||
CVE-2019-14480 | 1 Adremsoft | 1 Netcrunch | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges. | |||||
CVE-2019-7860 | 1 Magento | 1 Magento | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
A cryptographically weak pseudo-random number generator is used in multiple security-relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | |||||
CVE-2020-10560 | 1 Opensource-socialnetwork | 1 Open Source Social Network | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php. | |||||
CVE-2020-11616 | 2 Intel, Nvidia | 2 Bmc Firmware, Dgx-1 | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information disclosure. | |||||
CVE-2021-34430 | 1 Eclipse | 1 Tinydtls | 2021-07-12 | 5.0 MEDIUM | 7.5 HIGH |
Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic. | |||||
CVE-2021-0131 | 1 Intel | 219 Secl-dc, Xeon Bronze 3104, Xeon Bronze 3106 and 216 more | 2021-06-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable information disclosure via network access. | |||||
CVE-2021-3538 | 1 Go.uuid Project | 1 Go.uuid | 2021-06-14 | 7.5 HIGH | 9.8 CRITICAL |
A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker. | |||||
CVE-2008-3280 | 1 Openid | 1 Openid | 2021-05-27 | 4.3 MEDIUM | 5.9 MEDIUM |
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs. | |||||
CVE-2021-29245 | 1 Btcpayserver | 1 Btcpay Server | 2021-05-11 | 5.0 MEDIUM | 5.3 MEDIUM |
BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key. | |||||
CVE-2020-28642 | 1 Infinitewp | 1 Infinitewp | 2020-11-30 | 7.5 HIGH | 9.8 CRITICAL |
In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks. | |||||
CVE-2019-19794 | 1 Miekg-dns Project | 1 Miekg-dns | 2020-01-02 | 4.3 MEDIUM | 5.9 MEDIUM |
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries. | |||||
CVE-2019-8113 | 1 Magento | 1 Magento | 2019-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses a cryptographically weak random number generator, which makes it possible to brute-force the confirmation code for customer registration. | |||||
CVE-2012-6124 | 1 Call-cc | 1 Chicken | 2019-11-06 | 5.0 MEDIUM | 5.3 MEDIUM |
A casting error in Chicken before 4.8.0 on 64-bit platforms caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and is advertised as being unsuitable)." | |||||
CVE-2019-5440 | 1 Revive-adserver | 1 Revive Adserver | 2019-10-09 | 6.8 MEDIUM | 8.1 HIGH |
Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId() generates a password reset token that relies on the PHP uniqid function and consequently depends only on the current server time, which is often visible in an HTTP Date header. | |||||
CVE-2018-15795 | 1 Pivotal Software | 1 Credhub Service Broker | 2019-10-09 | 5.5 MEDIUM | 8.1 HIGH |
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service. | |||||
CVE-2017-16028 | 1 Randomatic Project | 1 Randomatic | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()). | |||||
CVE-2017-5493 | 1 Wordpress | 1 Wordpress | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup. | |||||
CVE-2018-5837 | 1 Qualcomm | 56 Ipq8074, Ipq8074 Firmware, Mdm9206 and 53 more | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG which produced repeating output much earlier than expected. |