Vulnerabilities > Use of Insufficiently Random Values

DATE CVE VULNERABILITY TITLE RISK
2019-09-30 CVE-2019-2294 Use of Insufficiently Random Values vulnerability in Qualcomm products
Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
network
low complexity
qualcomm CWE-330
critical
9.8
2019-09-10 CVE-2019-1549 Use of Insufficiently Random Values vulnerability in Openssl
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG).
network
low complexity
openssl CWE-330
5.3
2019-09-05 CVE-2019-15955 Use of Insufficiently Random Values vulnerability in Totaljs Total.Js CMS 12.0.0
An issue was discovered in Total.js CMS 12.0.0.
network
low complexity
totaljs CWE-330
6.5
2019-08-18 CVE-2019-15130 Use of Insufficiently Random Values vulnerability in Humanica Humatrix 7 1.0.0.203/1.0.0.681
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multiple-part POST request with a predictable WRC01_USERID parameter.
network
low complexity
humanica CWE-330
critical
9.8
2019-08-02 CVE-2019-7886 Use of Insufficiently Random Values vulnerability in Magento
A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2.
network
low complexity
magento CWE-330
7.5
2019-07-19 CVE-2019-12821 Use of Insufficiently Random Values vulnerability in Jisiwei I3 Firmware 2.0
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code.
network
high complexity
jisiwei CWE-330
4.8
2019-07-16 CVE-2019-13603 Use of Insufficiently Random Values vulnerability in Hidglobal Digital Persona U.Are.U 4500 Driver Firmware 5.0.0.5
An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5.
network
high complexity
hidglobal CWE-330
5.9
2019-07-15 CVE-2019-1010025 Use of Insufficiently Random Values vulnerability in GNU Glibc
GNU Libc current is affected by: Mitigation bypass.
network
low complexity
gnu CWE-330
5.3
2019-07-03 CVE-2019-6632 Use of Insufficiently Random Values vulnerability in F5 products
On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness.
local
low complexity
f5 CWE-330
5.5
2019-07-01 CVE-2019-7667 Use of Insufficiently Random Values vulnerability in Primasystems Flexair 2.3.38
Prima Systems FlexAir, Versions 2.3.38 and prior.
network
low complexity
primasystems CWE-330
critical
9.8