Vulnerabilities > Use of Insufficiently Random Values

DATE CVE VULNERABILITY TITLE RISK
2020-03-02 CVE-2020-1731 Use of Insufficiently Random Values vulnerability in Redhat Keycloak Operator 8.0.0/8.0.1
A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift namespace.
network
low complexity
redhat CWE-330
critical
9.8
2020-02-28 CVE-2020-9449 Use of Insufficiently Random Values vulnerability in Justblab products
An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin.
network
low complexity
justblab CWE-330
8.8
2020-02-05 CVE-2020-8631 Use of Insufficiently Random Values vulnerability in multiple products
cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.
local
low complexity
canonical opensuse debian CWE-330
5.5
2020-01-29 CVE-2020-2099 Use of Insufficiently Random Values vulnerability in Jenkins
Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents.
network
low complexity
jenkins CWE-330
8.6
2020-01-28 CVE-2013-0294 Use of Insufficiently Random Values vulnerability in multiple products
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.
network
high complexity
pyrad-project fedoraproject CWE-330
5.9
2020-01-27 CVE-2018-19441 Use of Insufficiently Random Values vulnerability in Neatorobotics Botvac Connected Firmware 2.2.0
An issue was discovered in Neato Botvac Connected 2.2.0.
local
high complexity
neatorobotics CWE-330
4.7
2020-01-20 CVE-2020-7241 Use of Insufficiently Random Values vulnerability in Wpseeds WP Database Backup
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/.
network
low complexity
wpseeds CWE-330
7.5
2020-01-16 CVE-2019-18282 Use of Insufficiently Random Values vulnerability in multiple products
The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f.
network
low complexity
linux debian netapp CWE-330
5.3
2020-01-15 CVE-2012-1562 Use of Insufficiently Random Values vulnerability in Joomla Joomla!
Joomla! core before 2.5.3 allows unauthorized password change.
network
low complexity
joomla CWE-330
7.5
2020-01-14 CVE-2020-0644 Use of Insufficiently Random Values vulnerability in Microsoft products
An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege Vulnerability'.
local
low complexity
microsoft CWE-330
7.8