Total
94 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10560 | 1 Opensource-socialnetwork | 1 Open Source Social Network | 2021-07-21 | 5.9 Medium |
| An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file path with a weak cryptographic rand() can be used to read any file with the permissions of the webserver. This can lead to further compromise. The attacker must conduct a brute-force attack against the SiteKey to insert into a crafted URL for components/OssnComments/ossn_com.php and/or libraries/ossn.lib.upgrade.php. | ||||
| CVE-2019-14480 | 1 Adremsoft | 1 Netcrunch | 2021-07-21 | 9.8 Critical |
| AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges. | ||||
| CVE-2019-7855 | 1 Magento | 1 Magento | 2021-07-21 | N/A |
| A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation. | ||||
| CVE-2019-7860 | 1 Magento | 1 Magento | 2021-07-21 | N/A |
| A cryptographically weak pseudo-rando number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. | ||||
| CVE-2021-34430 | 1 Eclipse | 1 Tinydtls | 2021-07-12 | 7.5 High |
| Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic. | ||||
| CVE-2021-0131 | 1 Intel | 219 Secl-dc, Xeon Bronze 3104, Xeon Bronze 3106 and 216 more | 2021-06-21 | 6.5 Medium |
| Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable information disclosure via network access. | ||||
| CVE-2021-3538 | 1 Go.uuid Project | 1 Go.uuid | 2021-06-14 | 9.8 Critical |
| A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker. | ||||
| CVE-2008-3280 | 1 Openid | 1 Openid | 2021-05-27 | 5.9 Medium |
| It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs. | ||||
| CVE-2021-29245 | 1 Btcpayserver | 1 Btcpay Server | 2021-05-11 | 5.3 Medium |
| BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key. | ||||
| CVE-2020-28642 | 1 Infinitewp | 1 Infinitewp | 2020-11-30 | 9.8 Critical |
| In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks. | ||||
| CVE-2019-19794 | 1 Miekg-dns Project | 1 Miekg-dns | 2020-01-02 | 5.9 Medium |
| The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries. | ||||
| CVE-2019-8113 | 1 Magento | 1 Magento | 2019-11-07 | 5.3 Medium |
| Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration. | ||||
| CVE-2012-6124 | 1 Call-cc | 1 Chicken | 2019-11-06 | 5.3 Medium |
| A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and is advertised as being unsuitable)." | ||||
| CVE-2019-5440 | 1 Revive-adserver | 1 Revive Adserver | 2019-10-09 | N/A |
| Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId() generates a password reset token that relies on the PHP uniqid function and consequently depends only on the current server time, which is often visible in an HTTP Date header. | ||||
| CVE-2018-15795 | 1 Pivotal Software | 1 Credhub Service Broker | 2019-10-09 | N/A |
| Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service. | ||||
| CVE-2017-16028 | 1 Randomatic Project | 1 Randomatic | 2019-10-09 | N/A |
| react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()). | ||||
| CVE-2018-11290 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9607 and 51 more | 2019-10-03 | N/A |
| In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG in use. | ||||
| CVE-2018-11291 | 1 Qualcomm | 72 Ipq8074, Ipq8074 Firmware, Mdm9206 and 69 more | 2019-10-03 | N/A |
| In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, cryptographic issues due to the random number generator was not a strong one in NAN. | ||||
| CVE-2017-8081 | 1 Cagintranetworks | 1 Getsimple Cms | 2019-10-03 | N/A |
| Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce. | ||||
| CVE-2017-5493 | 1 Wordpress | 1 Wordpress | 2019-10-03 | N/A |
| wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site signup or (2) user signup. | ||||