Vulnerabilities > Use of Insufficiently Random Values
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-04 | CVE-2021-26098 | Use of Insufficiently Random Values vulnerability in Fortinet Fortisandbox An instance of small space of random values in the RPC API of FortiSandbox before 4.0.0 may allow an attacker in possession of a few information pieces about the state of the device to possibly predict valid session IDs. | 7.5 |
| 2021-08-02 | CVE-2021-27499 | Use of Insufficiently Random Values vulnerability in Ypsomed Mylife and Mylife Cloud Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application layer encryption of the communication protocol between the Ypsomed mylife App and mylife Cloud uses non-random IVs, which allows man-in-the-middle attackers to tamper with messages. | 5.9 |
| 2021-06-29 | CVE-2021-29480 | Use of Insufficiently Random Values vulnerability in Ratpack Project Ratpack Ratpack is a toolkit for creating web applications. | 3.1 |
| 2021-06-11 | CVE-2021-27200 | Use of Insufficiently Random Values vulnerability in Wowonder 3.0.4 In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. | 9.8 |
| 2021-06-11 | CVE-2021-0466 | Use of Insufficiently Random Values vulnerability in Google Android 10.0 In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. | 7.5 |
| 2021-06-01 | CVE-2021-23020 | Use of Insufficiently Random Values vulnerability in F5 Nginx Controller The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys. | 5.5 |
| 2021-05-27 | CVE-2020-10729 | Use of Insufficiently Random Values vulnerability in multiple products A flaw was found in the use of insufficiently random values in Ansible. | 5.5 |
| 2021-04-23 | CVE-2021-26909 | Use of Insufficiently Random Values vulnerability in Automox Automox Agent prior to version 31 uses an insufficiently protected S3 bucket endpoint for storing sensitive files, which could be brute-forced by an attacker to subvert an organization's security program. | 5.3 |
| 2021-04-22 | CVE-2021-25677 | Use of Insufficiently Random Values vulnerability in Siemens products A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0 < V1.0.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). | 5.3 |
| 2021-04-15 | CVE-2021-28055 | Use of Insufficiently Random Values vulnerability in Centreon 20.10.0 An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. | 6.5 |