Vulnerabilities > Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-31 | CVE-2022-36045 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Nodebb NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. | 9.8 |
| 2022-07-06 | CVE-2022-33738 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Openvpn Access Server OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal | 7.5 |
| 2022-06-15 | CVE-2022-20817 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Cisco products A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. | 7.4 |
| 2022-04-11 | CVE-2022-0828 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Wpdownloadmanager Wordpress Download Manager The Download Manager WordPress plugin before 3.2.34 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download. | 7.5 |
| 2022-03-15 | CVE-2022-26779 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache Cloudstack Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. | 7.5 |
| 2022-03-01 | CVE-2021-36171 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Fortinet Fortiportal The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame. | 8.1 |
| 2022-02-04 | CVE-2013-20003 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Silabs products Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic. | 8.3 |
| 2022-01-25 | CVE-2021-43799 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Zulip Zulip is an open-source team collaboration tool. | 9.8 |
| 2021-12-25 | CVE-2021-45484 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Netbsd In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG. | 7.5 |
| 2021-12-25 | CVE-2021-45489 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Netbsd In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG. | 7.5 |