Vulnerabilities > Use of Insufficiently Random Values
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-19 | CVE-2024-6348 | Use of Insufficiently Random Values vulnerability in Nissan-Global Blind Spot Protection Sensor ECU Firmware Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests. | 7.5 |
| 2024-08-12 | CVE-2024-42164 | Use of Insufficiently Random Values vulnerability in Fiware Keyrock Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link. | 4.3 |
| 2024-08-12 | CVE-2024-42165 | Use of Insufficiently Random Values vulnerability in Fiware Keyrock Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link. | 5.4 |
| 2024-08-12 | CVE-2024-7659 | Use of Insufficiently Random Values vulnerability in Projectsend A vulnerability, which was classified as problematic, was found in projectsend up to r1605. | 7.5 |
| 2024-07-01 | CVE-2024-21460 | Use of Insufficiently Random Values vulnerability in Qualcomm products Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space. | 6.5 |
| 2024-06-05 | CVE-2024-5149 | Use of Insufficiently Random Values vulnerability in Themekraft Buddyforms The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. | 5.3 |
| 2024-02-05 | CVE-2024-0761 | Use of Insufficiently Random Values vulnerability in Webdesi9 File Manager The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. | 7.5 |
| 2024-01-19 | CVE-2024-23688 | Use of Insufficiently Random Values vulnerability in Consensys Discovery Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session. | 5.3 |
| 2024-01-03 | CVE-2023-46740 | Use of Insufficiently Random Values vulnerability in Linuxfoundation Cubefs CubeFS is an open-source cloud-native file storage system. | 9.8 |
| 2024-01-02 | CVE-2023-32831 | Use of Insufficiently Random Values vulnerability in Mediatek Software Development KIT In wlan driver, there is a possible PIN crack due to use of insufficiently random values. | 5.5 |