Vulnerabilities > Use of Insufficiently Random Values

DATE CVE VULNERABILITY TITLE RISK
2024-06-05 CVE-2024-5149 Use of Insufficiently Random Values vulnerability in Themekraft Buddyforms
The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code.
network
low complexity
themekraft CWE-330
5.3
2024-02-05 CVE-2024-0761 Use of Insufficiently Random Values vulnerability in Webdesi9 File Manager
The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits.
network
low complexity
webdesi9 CWE-330
7.5
2024-01-19 CVE-2024-23688 Use of Insufficiently Random Values vulnerability in Consensys Discovery
Consensys Discovery versions less than 0.4.5 uses the same AES/GCM nonce for the entire session.
network
low complexity
consensys CWE-330
5.3
2024-01-03 CVE-2023-46740 Use of Insufficiently Random Values vulnerability in Linuxfoundation Cubefs
CubeFS is an open-source cloud-native file storage system.
network
low complexity
linuxfoundation CWE-330
critical
9.8
2024-01-02 CVE-2023-32831 Use of Insufficiently Random Values vulnerability in Mediatek Software Development KIT
In wlan driver, there is a possible PIN crack due to use of insufficiently random values.
local
low complexity
mediatek CWE-330
5.5
2023-12-29 CVE-2023-4462 Use of Insufficiently Random Values vulnerability in Poly products
A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601.
network
high complexity
poly CWE-330
5.9
2023-11-30 CVE-2023-6376 Use of Insufficiently Random Values vulnerability in Henschen Court Document Management
Henschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents.
network
low complexity
henschen CWE-330
7.5
2023-11-16 CVE-2023-48056 Use of Insufficiently Random Values vulnerability in Bandoche Pypinksign 0.5.1
PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption.
network
low complexity
bandoche CWE-330
7.5
2023-10-10 CVE-2020-27213 Use of Insufficiently Random Values vulnerability in Ethernut Nut/Os 5.1
An issue was discovered in Ethernut Nut/OS 5.1.
network
low complexity
ethernut CWE-330
7.5
2023-10-10 CVE-2020-27630 Use of Insufficiently Random Values vulnerability in Silabs Uc/Tcp-Ip 3.6.0
In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.
network
low complexity
silabs CWE-330
critical
9.8