Vulnerabilities > Use of Insufficiently Random Values

DATE CVE VULNERABILITY TITLE RISK
2020-06-23 CVE-2020-4188 Use of Insufficiently Random Values vulnerability in IBM Security Guardium 10.6/11.1
IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context that depends on unpredictable numbers.
network
low complexity
ibm CWE-330
5.3
2020-06-18 CVE-2020-14423 Use of Insufficiently Random Values vulnerability in Convos
Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm.
network
low complexity
convos CWE-330
5.3
2020-06-18 CVE-2020-14422 Use of Insufficiently Random Values vulnerability in multiple products
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created.
network
high complexity
opensuse python fedoraproject oracle CWE-330
5.9
2020-06-11 CVE-2020-12712 Use of Insufficiently Random Values vulnerability in Sos-Berlin Jobscheduler
A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile.
network
low complexity
sos-berlin CWE-330
7.5
2020-06-04 CVE-2020-13817 Use of Insufficiently Random Values vulnerability in multiple products
ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets.
network
high complexity
ntp netapp opensuse fujitsu CWE-330
7.4
2020-05-20 CVE-2020-5365 Use of Insufficiently Random Values vulnerability in Dell EMC Isilon Onefs
Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability.
network
low complexity
dell CWE-330
7.5
2020-05-18 CVE-2020-11551 Use of Insufficiently Random Values vulnerability in Netgear Rbs50Y Firmware, Srr60 Firmware and Srs60 Firmware
An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106.
low complexity
netgear CWE-330
8.8
2020-05-18 CVE-2020-12858 Use of Insufficiently Random Values vulnerability in Health Covidsafe 1.0.11/1.0.16/1.0.17
Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons.
network
low complexity
health CWE-330
7.5
2020-05-14 CVE-2020-5408 Use of Insufficiently Random Values vulnerability in multiple products
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor.
network
low complexity
pivotal-software vmware CWE-330
6.5
2020-05-13 CVE-2020-9502 Use of Insufficiently Random Values vulnerability in Dahuasecurity products
Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities.
network
low complexity
dahuasecurity CWE-330
critical
9.8