Vulnerabilities > Use of Insufficiently Random Values

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-12-09 | CVE-2021-41694 | Use of Insufficiently Random Values vulnerability in Globaldatingsoftware Premiumdatingscript 4.2.7.7 | An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php. | network | low complexity | globaldatingsoftware | CWE-330 | critical 9.8 |
| 2021-11-22 | CVE-2021-38377 | Use of Insufficiently Random Values vulnerability in Open-Xchange OX APP Suite 7.10.5 | OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results. | network | low complexity | open-xchange | CWE-330 | 6.1 |
| 2021-11-16 | CVE-2021-26322 | Use of Insufficiently Random Values vulnerability in AMD products | Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”. | network | low complexity | amd | CWE-330 | 7.5 |
| 2021-11-08 | CVE-2021-28024 | Use of Insufficiently Random Values vulnerability in Servicetonic | Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows attacker to login without using a password. | network | low complexity | servicetonic | CWE-330 | critical 9.8 |
| 2021-10-29 | CVE-2021-22038 | Use of Insufficiently Random Values vulnerability in VMWare Installbuilder | On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). | network | low complexity | vmware | CWE-330 | 8.8 |
| 2021-09-30 | CVE-2021-41829 | Use of Insufficiently Random Values vulnerability in Zohocorp Manageengine Remote Access Plus | Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key. | network | low complexity | zohocorp | CWE-330 | 7.5 |
| 2021-09-15 | CVE-2021-41061 | Use of Insufficiently Random Values vulnerability in Riot-Os Riot 2021.01 | In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component allows attackers to break encryption by triggering reboots. | local | low complexity | riot-os | CWE-330 | 5.5 |
| 2021-09-14 | CVE-2021-37186 | Use of Insufficiently Random Values vulnerability in Siemens products | A vulnerability has been identified in LOGO! CMR2020 (All versions < V2.2), LOGO! CMR2040 (All versions < V2.2), SIMATIC RTU3010C (All versions < V4.0.9), SIMATIC RTU3030C (All versions < V4.0.9), SIMATIC RTU3031C (All versions < V4.0.9), SIMATIC RTU3041C (All versions < V4.0.9). | | low complexity | siemens | CWE-330 | 5.4 |
| 2021-08-30 | CVE-2021-34646 | Use of Insufficiently Random Values vulnerability in Booster for Woocommerce | Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are vulnerable to authentication bypass via the process_email_verification function due to a random token generation weakness in the reset_and_mail_activation_link function found in the ~/includes/class-wcj-emails-verification.php file. | network | low complexity | booster | CWE-330 | critical 9.8 |
| 2021-08-19 | CVE-2020-35685 | Use of Insufficiently Random Values vulnerability in multiple products | An issue was discovered in HCC Nichestack 3.0. | network | low complexity | hcc-embedded, siemens | CWE-330 | critical 9.1 |