Total
332 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-27633 | 1 Butok | 1 Fnet | 2024-09-19 | 9.1 Critical |
| In FNET 4.6.3, TCP ISNs are improperly random. | ||||
| CVE-2020-27634 | 1 Contiki-ng | 1 Contiki-ng | 2024-09-19 | 9.1 Critical |
| In Contiki 4.5, TCP ISNs are improperly random. | ||||
| CVE-2020-27635 | 1 Capgemini | 1 Picotcp | 2024-09-19 | 9.1 Critical |
| In PicoTCP 1.7.0, TCP ISNs are improperly random. | ||||
| CVE-2018-18531 | 1 Kaptcha Project | 1 Kaptcha | 2024-09-17 | N/A |
| text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach. | ||||
| CVE-2017-1000246 | 1 Pysaml2 Project | 1 Pysaml2 | 2024-09-17 | N/A |
| Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. | ||||
| CVE-2020-4188 | 1 Ibm | 1 Security Guardium | 2024-09-17 | 5.3 Medium |
| IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. IBM X-Force ID: 174807. | ||||
| CVE-2021-23451 | 1 Otp-generator Project | 1 Otp-generator | 2024-09-17 | 6.5 Medium |
| The package otp-generator before 3.0.0 are vulnerable to Insecure Randomness due to insecure generation of random one-time passwords, which may allow a brute-force attack. | ||||
| CVE-2018-17888 | 1 Nuuo | 1 Nuuo Cms | 2024-09-17 | N/A |
| NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution. | ||||
| CVE-2020-35163 | 2 Dell, Oracle | 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more | 2024-09-17 | 5.3 Medium |
| Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability. | ||||
| CVE-2021-40422 | 1 Swiftsensors | 2 Sg3-1010, Sg3-1010 Firmware | 2024-09-17 | 10 Critical |
| An authentication bypass vulnerability exists in the device password generation functionality of Swift Sensors Gateway SG3-1010. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2017-16028 | 1 Randomatic Project | 1 Randomatic | 2024-09-17 | N/A |
| react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()). | ||||
| CVE-2019-4411 | 1 Ibm | 1 Cognos Controller | 2024-09-17 | 4.3 Medium |
| IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658. | ||||
| CVE-2020-5408 | 2 Pivotal Software, Vmware | 2 Spring Security, Spring Security | 2024-09-17 | 6.5 Medium |
| Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack. | ||||
| CVE-2021-26322 | 1 Amd | 114 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 111 more | 2024-09-17 | 7.5 High |
| Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”. | ||||
| CVE-2018-1279 | 1 Pivotal Software | 1 Rabbitmq | 2024-09-17 | N/A |
| Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. A remote attacker who can gain information about the network topology can guess this cookie and, if they have access to the right ports on any server in the MQ cluster can use this cookie to gain full control over the entire cluster. | ||||
| CVE-2021-26726 | 1 Valmet | 1 Dna | 2024-09-17 | 8.8 High |
| A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021. | ||||
| CVE-2022-26071 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-09-17 | 7.4 High |
| On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel (TMM) allows an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2020-10274 | 3 Easyrobotics, Mobile-industrial-robots, Uvd-robots | 20 Er-flex, Er-flex Firmware, Er-lite and 17 more | 2024-09-17 | 7.1 High |
| The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). This flaw in combination with CVE-2020-10273 allows any attacker connected to the robot networks (wired or wireless) to exfiltrate all stored data (e.g. indoor mapping images) and associated metadata from the robot's database. | ||||
| CVE-2019-3795 | 2 Debian, Vmware | 2 Debian Linux, Spring Security | 2024-09-17 | 5.3 Medium |
| Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection. | ||||
| CVE-2019-1997 | 1 Google | 1 Android | 2024-09-16 | N/A |
| In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure default value. This could lead to local information disclosure via an insecure wireless connection with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117508900. | ||||