Vulnerabilities > Use of Insufficiently Random Values

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2020-05-04 | CVE-2020-8792 | Use of Insufficiently Random Values vulnerability in Oklok Project Oklok 3.1.1 | The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. | network | low complexity | oklok-project | CWE-330 | 5.3 |
| 2020-04-27 | CVE-2020-12270 | Use of Insufficiently Random Values vulnerability in Bluezone 1.0.0 | React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. | | low complexity | bluezone | CWE-330 | 6.5 |
| 2020-04-17 | CVE-2020-11877 | Use of Insufficiently Random Values vulnerability in Zoom Meetings 4.6.11 | airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. | network | low complexity | zoom | CWE-330 | 7.5 |
| 2020-04-03 | CVE-2020-11501 | Use of Insufficiently Random Values vulnerability in multiple products | GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. | network | high complexity | gnu debian opensuse canonical fedoraproject | CWE-330 | 7.4 |
| 2020-03-23 | CVE-2020-10870 | Use of Insufficiently Random Values vulnerability in Zim-Wiki ZIM | Zim through 0.72.1 creates temporary directories with predictable names. | local | low complexity | zim-wiki | CWE-330 | 5.5 |
| 2020-03-17 | CVE-2019-20494 | Use of Insufficiently Random Values vulnerability in Cpanel | In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525). | local | low complexity | cpanel | CWE-330 | 3.3 |
| 2020-03-16 | CVE-2019-19135 | Use of Insufficiently Random Values vulnerability in Opcfoundation Netstandard.Opc.Ua and Ua-.Netstandard | In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network. | network | high complexity | opcfoundation | CWE-330 | 7.4 |
| 2020-03-11 | CVE-2019-9102 | Use of Insufficiently Random Values vulnerability in Moxa products | An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. | network | low complexity | moxa | CWE-330 | 8.8 |
| 2020-03-10 | CVE-2019-12434 | Use of Insufficiently Random Values vulnerability in Gitlab | An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. | network | low complexity | gitlab | CWE-330 | 4.3 |
| 2020-03-05 | CVE-2019-2317 | Use of Insufficiently Random Values vulnerability in Qualcomm products | The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, SC8180X, SDM429, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150 | network | low complexity | qualcomm | CWE-330 | critical 9.8 |