Vulnerabilities > Use of Insufficiently Random Values
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-12-18 | CVE-2024-12432 | The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. | 8.1 |
2024-11-21 | CVE-2024-52615 | A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. | 5.3 |
2024-08-19 | CVE-2024-6348 | Use of Insufficiently Random Values vulnerability in Nissan-Global Blind Spot Protection Sensor ECU Firmware: Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security controls via repeated ECU resets and seed requests. | 7.5 |
2024-08-12 | CVE-2024-42164 | Use of Insufficiently Random Values vulnerability in Fiware Keyrock: Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa link. | 4.3 |
2024-08-12 | CVE-2024-42165 | Use of Insufficiently Random Values vulnerability in Fiware Keyrock: Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link. | 5.4 |
2024-08-12 | CVE-2024-7659 | Use of Insufficiently Random Values vulnerability in Projectsend: A vulnerability, which was classified as problematic, was found in projectsend up to r1605. | 7.5 |
2024-07-01 | CVE-2024-21460 | Use of Insufficiently Random Values vulnerability in Qualcomm products: Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address space. | 6.5 |
2024-06-05 | CVE-2024-5149 | Use of Insufficiently Random Values vulnerability in Themekraft Buddyforms: The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. | 5.3 |
2024-02-05 | CVE-2024-0761 | Use of Insufficiently Random Values vulnerability in Webdesi9 File Manager: The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. | 7.5 |
2024-01-19 | CVE-2024-23688 | Use of Insufficiently Random Values vulnerability in Consensys Discovery: Consensys Discovery versions less than 0.4.5 use the same AES/GCM nonce for the entire session. | 5.3 |