Vulnerabilities > Use of Insufficiently Random Values
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-04 | CVE-2020-8792 | Use of Insufficiently Random Values vulnerability in Oklok Project Oklok 3.1.1 The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. | 5.3 |
2020-04-27 | CVE-2020-12270 | Use of Insufficiently Random Values vulnerability in Bluezone 1.0.0 React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. | 6.5 |
2020-04-17 | CVE-2020-11877 | Use of Insufficiently Random Values vulnerability in Zoom Meetings 4.6.11 airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. | 7.5 |
2020-04-03 | CVE-2020-11501 | Use of Insufficiently Random Values vulnerability in multiple products GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. | 7.4 |
2020-03-23 | CVE-2020-10870 | Use of Insufficiently Random Values vulnerability in Zim-Wiki ZIM Zim through 0.72.1 creates temporary directories with predictable names. | 5.5 |
2020-03-17 | CVE-2019-20494 | Use of Insufficiently Random Values vulnerability in Cpanel In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525). | 3.3 |
2020-03-16 | CVE-2019-19135 | Use of Insufficiently Random Values vulnerability in Opcfoundation Netstandard.Opc.Ua and Ua-.Netstandard In OPC Foundation OPC UA .NET Standard codebase 1.4.357.28, servers do not create sufficiently random numbers in OPCFoundation.NetStandard.Opc.Ua before 1.4.359.31, which allows man in the middle attackers to reuse encrypted user credentials sent over the network. | 7.4 |
2020-03-11 | CVE-2019-9102 | Use of Insufficiently Random Values vulnerability in Moxa products An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. | 8.8 |
2020-03-10 | CVE-2019-12434 | Use of Insufficiently Random Values vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. | 4.3 |
2020-03-05 | CVE-2019-2317 | Use of Insufficiently Random Values vulnerability in Qualcomm products The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, SC8180X, SDM429, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150 | 9.8 |