Vulnerabilities > Use of Insufficiently Random Values
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-06-24 | CVE-2020-10274 | Use of Insufficiently Random Values vulnerability in multiple products: The access tokens for the REST API are directly derived (sha256 and base64 encoding) from the publicly available default credentials from the Control Dashboard (refer to CVE-2020-10270 for related flaws). | 7.1 |
2020-06-23 | CVE-2020-4188 | Use of Insufficiently Random Values vulnerability in IBM Security Guardium 10.6/11.1: IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. | 5.3 |
2020-06-18 | CVE-2020-14423 | Use of Insufficiently Random Values vulnerability in Convos: Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. | 5.3 |
2020-06-18 | CVE-2020-14422 | Use of Insufficiently Random Values vulnerability in multiple products: Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. | 5.9 |
2020-06-11 | CVE-2020-12712 | Use of Insufficiently Random Values vulnerability in Sos-Berlin Jobscheduler: A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile. | 7.5 |
2020-06-04 | CVE-2020-13817 | Use of Insufficiently Random Values vulnerability in multiple products: ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. | 7.4 |
2020-05-20 | CVE-2020-5365 | Use of Insufficiently Random Values vulnerability in Dell EMC Isilon Onefs: Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. | 7.5 |
2020-05-18 | CVE-2020-11551 | Use of Insufficiently Random Values vulnerability in Netgear Rbs50Y Firmware, Srr60 Firmware and Srs60 Firmware: An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. | 8.8 |
2020-05-18 | CVE-2020-12858 | Use of Insufficiently Random Values vulnerability in Health Covidsafe 1.0.16: Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons. | 7.5 |
2020-05-14 | CVE-2020-5408 | Use of Insufficiently Random Values vulnerability in multiple products: Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. | 6.5 |