Vulnerabilities > Use of Insufficiently Random Values
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-17 | CVE-2020-25705 | Use of Insufficiently Random Values vulnerability in multiple products A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. | 7.4 |
| 2020-10-27 | CVE-2020-27180 | Use of Insufficiently Random Values vulnerability in Konzept-Ix Publixone konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter. | 7.5 |
| 2020-10-26 | CVE-2020-27743 | Use of Insufficiently Random Values vulnerability in PAM Tacplus Project PAM Tacplus libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). | 9.8 |
| 2020-10-06 | CVE-2020-1905 | Use of Insufficiently Random Values vulnerability in Whatsapp Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen to open the file to guess the URIs for previously opened attachments until the opener app is terminated. | 3.3 |
| 2020-09-25 | CVE-2020-26107 | Use of Insufficiently Random Values vulnerability in Cpanel cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561). | 7.5 |
| 2020-09-17 | CVE-2020-0407 | Use of Insufficiently Random Values vulnerability in Google Android In various functions in fscrypt_ice.c and related files in some implementations of f2fs encryption that use encryption hardware which only supports 32-bit IVs (Initialization Vectors), 64-bit IVs are used and later are truncated to 32 bits. | 4.4 |
| 2020-09-14 | CVE-2020-13304 | Use of Insufficiently Random Values vulnerability in Gitlab A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. | 7.2 |
| 2020-08-17 | CVE-2020-1472 | Use of Insufficiently Random Values vulnerability in multiple products An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). | 5.5 |
| 2020-08-03 | CVE-2020-16271 | Use of Insufficiently Random Values vulnerability in KEE Keepassrpc The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection. | 9.1 |
| 2020-07-30 | CVE-2020-16166 | Use of Insufficiently Random Values vulnerability in multiple products The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. | 3.7 |