Vulnerabilities > Use of Insufficiently Random Values
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-06-19 | CVE-2018-18425 | Use of Insufficiently Random Values vulnerability in Primeo Project Primeo The doAirdrop function of a smart contract implementation for Primeo (PEO), an Ethereum token, does not check the numerical relationship between the amount of the air drop and the token's total supply, which lets the owner of the contract issue an arbitrary amount of currency. | 6.5 |
2019-05-22 | CVE-2019-6821 | Use of Insufficiently Random Values vulnerability in Schneider-Electric products CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum. | 6.5 |
2019-05-09 | CVE-2019-11840 | Use of Insufficiently Random Values vulnerability in multiple products An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. | 5.9 |
2019-05-03 | CVE-2019-11690 | Use of Insufficiently Random Values vulnerability in Denx U-Boot gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device. | 5.9 |
2019-05-01 | CVE-2019-11641 | Use of Insufficiently Random Values vulnerability in Anomali Agave Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including predictable data and minimal variation in size within HTML templates, giving attackers the ability to detect and avoid this system. | 7.5 |
2019-04-26 | CVE-2019-11219 | Use of Insufficiently Random Values vulnerability in Ilnkp2P Project Ilnkp2P The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices. | 8.2 |
2019-04-09 | CVE-2019-3795 | Use of Insufficiently Random Values vulnerability in multiple products Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. | 5.3 |
2019-03-27 | CVE-2019-9863 | Use of Insufficiently Random Values vulnerability in Abus products Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way. | 9.8 |
2019-03-27 | CVE-2019-5420 | Use of Insufficiently Random Values vulnerability in multiple products A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. | 9.8 |
2019-03-21 | CVE-2019-9898 | Use of Insufficiently Random Values vulnerability in multiple products Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | 9.8 |