Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

DATE CVE VULNERABILITY TITLE RISK
2019-08-02 CVE-2019-7860 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Magento
A cryptographically weak pseudo-random number generator is used in multiple security-relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-338
7.5
2019-08-02 CVE-2019-7855 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Magento
A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation.
network
low complexity
magento CWE-338
5.3
2019-05-28 CVE-2019-5440 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Revive-Adserver Revive Adserver
Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality.
network
high complexity
revive-adserver CWE-338
8.1
2019-05-09 CVE-2019-11842 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Matrix Sydent and Synapse
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1.
network
low complexity
matrix CWE-338
7.5
2019-05-07 CVE-2019-11808 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Ratpack Project Ratpack
Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom.
network
high complexity
ratpack-project CWE-338
3.7
2018-11-13 CVE-2018-15795 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Pivotal Software Credhub Service Broker 1.0.0/1.0.1/1.0.2
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client.
network
low complexity
pivotal-software CWE-338
8.1
2018-10-23 CVE-2018-17968 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Ruletkaio
A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call.
network
low complexity
ruletkaio CWE-338
7.5
2018-10-23 CVE-2018-17877 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Greedy599 Greedy 599
A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call.
network
low complexity
greedy599 CWE-338
7.5
2018-09-24 CVE-2018-12975 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Cryptosaga
The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable (which can be read with a getStorageAt call).
network
low complexity
cryptosaga CWE-338
7.5
2018-09-20 CVE-2018-5871 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qualcomm products
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected.
low complexity
qualcomm CWE-338
6.5