Vulnerabilities > Use of Insufficiently Random Values

DATE CVE VULNERABILITY TITLE RISK
2019-06-19 CVE-2018-18425 Use of Insufficiently Random Values vulnerability in Primeo Project Primeo
The doAirdrop function of a smart contract implementation for Primeo (PEO), an Ethereum token, does not check the numerical relationship between the amount of the air drop and the token's total supply, which lets the owner of the contract issue an arbitrary amount of currency.
network
low complexity
primeo-project CWE-330
6.5
2019-05-22 CVE-2019-6821 Use of Insufficiently Random Values vulnerability in Schneider-Electric products
CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.
network
low complexity
schneider-electric CWE-330
6.5
2019-05-09 CVE-2019-11840 Use of Insufficiently Random Values vulnerability in multiple products
An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576.
network
high complexity
golang debian CWE-330
5.9
2019-05-03 CVE-2019-11690 Use of Insufficiently Random Values vulnerability in Denx U-Boot
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.
network
high complexity
denx CWE-330
5.9
2019-05-01 CVE-2019-11641 Use of Insufficiently Random Values vulnerability in Anomali Agave
Anomali Agave (formerly Drupot) through 1.0.0 fails to avoid fingerprinting by including predictable data and minimal variation in size within HTML templates, giving attackers the ability to detect and avoid this system.
network
low complexity
anomali CWE-330
7.5
2019-04-26 CVE-2019-11219 Use of Insufficiently Random Values vulnerability in Ilnkp2P Project Ilnkp2P
The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices.
network
low complexity
ilnkp2p-project CWE-330
8.2
2019-04-09 CVE-2019-3795 Use of Insufficiently Random Values vulnerability in multiple products
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance.
network
low complexity
vmware debian CWE-330
5.3
2019-03-27 CVE-2019-9863 Use of Insufficiently Random Values vulnerability in Abus products
Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way.
network
low complexity
abus CWE-330
critical
9.8
2019-03-27 CVE-2019-5420 Use of Insufficiently Random Values vulnerability in multiple products
A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token.
network
low complexity
rubyonrails debian fedoraproject CWE-330
critical
9.8
2019-03-21 CVE-2019-9898 Use of Insufficiently Random Values vulnerability in multiple products
Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71.
network
low complexity
putty fedoraproject debian opensuse netapp CWE-330
critical
9.8