Vulnerabilities > Use of Insufficiently Random Values

DATE CVE VULNERABILITY TITLE RISK
2019-01-15 CVE-2019-0007 Use of Insufficiently Random Values vulnerability in Juniper Junos 15.1
The vMX Series software uses a predictable IP ID Sequence Number.
network
low complexity
juniper CWE-330
7.5
2018-12-31 CVE-2018-18602 Use of Insufficiently Random Values vulnerability in Guardzilla products
The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring.
network
low complexity
guardzilla CWE-330
5.0
2018-12-26 CVE-2018-17987 Use of Insufficiently Random Values vulnerability in Hashheroes
The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUM_TILES equals the number of people who purchased a tile, which allows an attacker to control the awarding of the prize by being the last person to purchase a tile.
network
low complexity
hashheroes CWE-330
5.0
2018-12-10 CVE-2018-1279 Use of Insufficiently Random Values vulnerability in Pivotal Software Rabbitmq
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster.
low complexity
pivotal-software CWE-330
3.3
2018-12-09 CVE-2018-19983 Use of Insufficiently Random Values vulnerability in Silabs Z-Wave S0 Firmware and Z-Wave S2 Firmware
An issue was discovered on Sigma Design Z-Wave S0 through S2 devices.
low complexity
silabs CWE-330
6.1
2018-10-19 CVE-2018-18531 Use of Insufficiently Random Values vulnerability in Kaptcha Project Kaptcha 2.3.2
text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach.
network
low complexity
kaptcha-project CWE-330
5.0
2018-10-16 CVE-2018-18375 Use of Insufficiently Random Values vulnerability in Orange Airbox Firmware Y858Fl01.1604
goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter.
network
low complexity
orange CWE-330
5.0
2018-10-12 CVE-2018-17888 Use of Insufficiently Random Values vulnerability in Nuuo CMS 3.1
In NUUO CMS, all versions 3.1 and prior, the application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.
network
low complexity
nuuo CWE-330
7.5
2018-08-30 CVE-2018-16239 Use of Insufficiently Random Values vulnerability in Damicms 6.0.1
An issue was discovered in damiCMS V6.0.1.
network
low complexity
damicms CWE-330
5.0
2018-08-23 CVE-2018-15807 Use of Insufficiently Random Values vulnerability in Posim EVO 15.13
POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature.
local
low complexity
posim CWE-330
4.6