Vulnerabilities > Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-20 | CVE-2018-5837 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qualcomm products In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG which produced repeating output much earlier than expected. | 7.5 |
| 2018-09-20 | CVE-2018-11291 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qualcomm products In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, cryptographic issues due to the random number generator was not a strong one in NAN. | 7.5 |
| 2018-09-20 | CVE-2018-11290 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Qualcomm products In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG in use. | 7.5 |
| 2018-09-18 | CVE-2018-17071 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Lucky9 Lucky9Io The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entry_number. | 7.5 |
| 2018-09-07 | CVE-2018-15552 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Theethereumlottery the Ethereum Lottery The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (which is private, yet predictable and readable by the eth.getStorageAt function). | 7.5 |
| 2018-08-29 | CVE-2018-16115 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Lightbend Akka Lightbend Akka 2.5.x before 2.5.16 allows message disclosure and modification because of an RNG error. | 9.1 |
| 2018-08-15 | CVE-2018-12056 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in All-For-One ALL for ONE The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. | 7.5 |
| 2018-08-07 | CVE-2018-12885 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Mycryptochamp The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, (which can be read with a getStorageAt call). | 5.9 |
| 2018-08-03 | CVE-2018-14715 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Cryptogs The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. | 7.5 |
| 2018-06-17 | CVE-2018-12454 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in 1000Guess 1000 Guess The _addguess function of a simplelottery smart contract implementation for 1000 Guess, an Ethereum gambling game, generates a random value with publicly readable variables such as the current block information and a private variable (which can be read with a getStorageAt call). | 7.5 |