Vulnerabilities > Use of Insufficiently Random Values
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-05 | CVE-2019-2317 | Use of Insufficiently Random Values vulnerability in Qualcomm products The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, SC8180X, SDM429, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150 | 9.8 |
| 2020-03-02 | CVE-2020-1731 | Use of Insufficiently Random Values vulnerability in Redhat Keycloak Operator 8.0.0/8.0.1 A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift namespace. | 9.8 |
| 2020-02-28 | CVE-2020-9449 | Use of Insufficiently Random Values vulnerability in Justblab products An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin. | 8.8 |
| 2020-02-05 | CVE-2020-8631 | Use of Insufficiently Random Values vulnerability in multiple products cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function. | 5.5 |
| 2020-01-29 | CVE-2020-2099 | Use of Insufficiently Random Values vulnerability in Jenkins Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents. | 8.6 |
| 2020-01-28 | CVE-2013-0294 | Use of Insufficiently Random Values vulnerability in multiple products packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. | 5.9 |
| 2020-01-27 | CVE-2018-19441 | Use of Insufficiently Random Values vulnerability in Neatorobotics Botvac Connected Firmware 2.2.0 An issue was discovered in Neato Botvac Connected 2.2.0. | 4.7 |
| 2020-01-20 | CVE-2020-7241 | Use of Insufficiently Random Values vulnerability in Wpseeds WP Database Backup The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. | 7.5 |
| 2020-01-16 | CVE-2019-18282 | Use of Insufficiently Random Values vulnerability in multiple products The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. | 5.3 |
| 2020-01-15 | CVE-2012-1562 | Use of Insufficiently Random Values vulnerability in Joomla Joomla! Joomla! core before 2.5.3 allows unauthorized password change. | 7.5 |