Vulnerabilities > Use of Insufficiently Random Values
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-18 | CVE-2020-12858 | Use of Insufficiently Random Values vulnerability in Health Covidsafe 1.0.11/1.0.16/1.0.17 Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons. | 7.5 |
| 2020-05-14 | CVE-2020-5408 | Use of Insufficiently Random Values vulnerability in multiple products Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. | 6.5 |
| 2020-05-13 | CVE-2020-9502 | Use of Insufficiently Random Values vulnerability in Dahuasecurity products Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. | 9.8 |
| 2020-05-04 | CVE-2020-8792 | Use of Insufficiently Random Values vulnerability in Oklok Project Oklok 3.1.1 The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. | 5.3 |
| 2020-04-27 | CVE-2020-12270 | Use of Insufficiently Random Values vulnerability in Bluezone 1.0.0 React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. | 6.5 |
| 2020-04-17 | CVE-2020-11877 | Use of Insufficiently Random Values vulnerability in Zoom Meetings 4.6.11 airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. | 7.5 |
| 2020-04-03 | CVE-2020-11501 | Use of Insufficiently Random Values vulnerability in multiple products GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. | 7.4 |
| 2020-03-23 | CVE-2020-10870 | Use of Insufficiently Random Values vulnerability in Zim-Wiki ZIM Zim through 0.72.1 creates temporary directories with predictable names. | 5.5 |
| 2020-03-17 | CVE-2019-20494 | Use of Insufficiently Random Values vulnerability in Cpanel In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525). | 3.3 |
| 2020-03-16 | CVE-2019-19135 | Use of Insufficiently Random Values vulnerability in Opcfoundation Netstandard.Opc.Ua and Ua-.Netstandard In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network. | 7.4 |