Vulnerabilities > Use of Insufficiently Random Values

DATE | CVE | VULNERABILITY TITLE | RISK

2020-11-17 | CVE-2020-27556 | Use of Insufficiently Random Values vulnerability in Basetech Ge-131 Bt-1837836 Firmware 20180921 | network, low complexity, basetech, CWE-330, 5.3
A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device.

2020-10-27 | CVE-2020-27180 | Use of Insufficiently Random Values vulnerability in Konzept-Ix Publixone | network, low complexity, konzept-ix, CWE-330, 7.5
konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter.

2020-10-26 | CVE-2020-27743 | Use of Insufficiently Random Values vulnerability in PAM Tacplus Project PAM Tacplus | network, low complexity, pam-tacplus-project, CWE-330, critical, 9.8
libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes().

2020-10-06 | CVE-2020-1905 | Use of Insufficiently Random Values vulnerability in Whatsapp | local, low complexity, whatsapp, CWE-330, 3.3
Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen to open the file to guess the URIs for previously opened attachments until the opener app is terminated.

2020-09-25 | CVE-2020-26107 | Use of Insufficiently Random Values vulnerability in Cpanel | network, low complexity, cpanel, CWE-330, 7.5
cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561).

2020-09-17 | CVE-2020-0407 | Use of Insufficiently Random Values vulnerability in Google Android | local, low complexity, google, CWE-330, 4.4
In various functions in fscrypt_ice.c and related files in some implementations of f2fs encryption that use encryption hardware which only supports 32-bit IVs (Initialization Vectors), 64-bit IVs are used and later are truncated to 32 bits.

2020-09-14 | CVE-2020-13304 | Use of Insufficiently Random Values vulnerability in Gitlab | network, low complexity, gitlab, CWE-330, 7.2
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4.

2020-08-03 | CVE-2020-16271 | Use of Insufficiently Random Values vulnerability in KEE Keepassrpc | network, low complexity, kee, CWE-330, critical, 9.1
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection.

2020-07-30 | CVE-2020-16166 | Use of Insufficiently Random Values vulnerability in multiple products | 3.7
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c.

2020-06-24 | CVE-2020-10274 | Use of Insufficiently Random Values vulnerability in multiple products | 7.1
The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws).