Vulnerabilities > Use of Insufficiently Random Values
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-27 | CVE-2020-12270 | Use of Insufficiently Random Values vulnerability in Bluezone 1.0.0 React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs. | 6.5 |
| 2020-04-17 | CVE-2020-11877 | Use of Insufficiently Random Values vulnerability in Zoom Meetings 4.6.11 airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. | 7.5 |
| 2020-04-03 | CVE-2020-11501 | Use of Insufficiently Random Values vulnerability in multiple products GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. | 7.4 |
| 2020-03-10 | CVE-2019-12434 | Use of Insufficiently Random Values vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 10.6 through 11.11. | 4.0 |
| 2020-03-05 | CVE-2019-2317 | Use of Insufficiently Random Values vulnerability in Qualcomm products The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, SC8180X, SDM429, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150 | 5.0 |
| 2020-03-02 | CVE-2020-1731 | Use of Insufficiently Random Values vulnerability in Redhat Keycloak Operator 8.0.0/8.0.1 A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift namespace. | 9.8 |
| 2020-02-28 | CVE-2020-9449 | Use of Insufficiently Random Values vulnerability in Justblab products An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin. | 6.5 |
| 2020-02-05 | CVE-2020-8631 | Use of Insufficiently Random Values vulnerability in multiple products cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function. | 2.1 |
| 2020-01-29 | CVE-2020-2099 | Use of Insufficiently Random Values vulnerability in Jenkins Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents. | 8.6 |
| 2020-01-28 | CVE-2013-0294 | Use of Insufficiently Random Values vulnerability in multiple products packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. | 4.3 |