Vulnerabilities > Use of Insufficiently Random Values
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-17 | CVE-2020-27556 | Use of Insufficiently Random Values vulnerability in Basetech Ge-131 Bt-1837836 Firmware 20180921 A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device. | 5.3 |
2020-10-27 | CVE-2020-27180 | Use of Insufficiently Random Values vulnerability in Konzept-Ix Publixone konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter. | 7.5 |
2020-10-26 | CVE-2020-27743 | Use of Insufficiently Random Values vulnerability in PAM Tacplus Project PAM Tacplus libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). | 9.8 |
2020-10-06 | CVE-2020-1905 | Use of Insufficiently Random Values vulnerability in Whatsapp Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen to open the file to guess the URIs for previously opened attachments until the opener app is terminated. | 3.3 |
2020-09-25 | CVE-2020-26107 | Use of Insufficiently Random Values vulnerability in Cpanel cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561). | 7.5 |
2020-09-17 | CVE-2020-0407 | Use of Insufficiently Random Values vulnerability in Google Android In various functions in fscrypt_ice.c and related files in some implementations of f2fs encryption that use encryption hardware which only supports 32-bit IVs (Initialization Vectors), 64-bit IVs are used and later are truncated to 32 bits. | 4.4 |
2020-09-14 | CVE-2020-13304 | Use of Insufficiently Random Values vulnerability in Gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | 7.2 |
2020-08-03 | CVE-2020-16271 | Use of Insufficiently Random Values vulnerability in KEE Keepassrpc The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection. | 9.1 |
2020-07-30 | CVE-2020-16166 | Use of Insufficiently Random Values vulnerability in multiple products The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. | 3.7 |
2020-06-24 | CVE-2020-10274 | Use of Insufficiently Random Values vulnerability in multiple products The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). | 7.1 |