Vulnerabilities > Use of Insufficiently Random Values
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-03 | CVE-2020-16271 | Use of Insufficiently Random Values vulnerability in KEE Keepassrpc The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection. | 6.4 |
| 2020-07-30 | CVE-2020-16166 | Use of Insufficiently Random Values vulnerability in multiple products The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. | 3.7 |
| 2020-06-24 | CVE-2020-10274 | Use of Insufficiently Random Values vulnerability in multiple products The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). | 5.5 |
| 2020-06-23 | CVE-2020-4188 | Use of Insufficiently Random Values vulnerability in IBM Security Guardium 10.6/11.1 IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. | 5.0 |
| 2020-06-18 | CVE-2020-14423 | Use of Insufficiently Random Values vulnerability in Convos Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. | 5.0 |
| 2020-06-18 | CVE-2020-14422 | Use of Insufficiently Random Values vulnerability in multiple products Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. | 5.9 |
| 2020-06-04 | CVE-2020-13817 | Use of Insufficiently Random Values vulnerability in multiple products ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. | 5.8 |
| 2020-05-20 | CVE-2020-5365 | Use of Insufficiently Random Values vulnerability in Dell EMC Isilon Onefs Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. | 5.0 |
| 2020-05-14 | CVE-2020-5408 | Use of Insufficiently Random Values vulnerability in multiple products Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. | 4.0 |
| 2020-05-13 | CVE-2020-9502 | Use of Insufficiently Random Values vulnerability in Dahuasecurity products Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. | 7.5 |