Vulnerabilities > Use of Insufficiently Random Values

DATE CVE VULNERABILITY TITLE RISK
2019-03-21 | CVE-2019-5885 | Use of Insufficiently Random Values vulnerability in multiple products
Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users.
network, low complexity, matrix, fedoraproject, CWE-330
RISK: 7.5

2019-03-06 | CVE-2019-1543 | Use of Insufficiently Random Values vulnerability in Openssl
ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation.
network, high complexity, openssl, CWE-330
RISK: 7.4

2019-03-05 | CVE-2019-0729 | Use of Insufficiently Random Values vulnerability in Microsoft Java Software Development Kit
An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java SDK Elevation of Privilege Vulnerability'.
network, low complexity, microsoft, CWE-330, critical
RISK: 9.8

2019-02-28 | CVE-2019-1997 | Use of Insufficiently Random Values vulnerability in Google Android
In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure default value.
network, low complexity, google, CWE-330
RISK: 7.5

2019-02-19 | CVE-2018-20025 | Use of Insufficiently Random Values vulnerability in Codesys products
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior to V3.5.14.0.
network, low complexity, codesys, CWE-330
RISK: 7.5

2019-02-18 | CVE-2019-8919 | Use of Insufficiently Random Values vulnerability in Seafile Seadroid
The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
network, low complexity, seafile, CWE-330
RISK: 7.5

2019-01-15 | CVE-2019-0007 | Use of Insufficiently Random Values vulnerability in Juniper Junos 15.1
The vMX Series software uses a predictable IP ID Sequence Number.
network, low complexity, juniper, CWE-330, critical
RISK: 10.0

2018-12-31 | CVE-2018-18602 | Use of Insufficiently Random Values vulnerability in Guardzilla products
The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring.
network, low complexity, guardzilla, CWE-330, critical
RISK: 9.8

2018-12-26 | CVE-2018-17987 | Use of Insufficiently Random Values vulnerability in Hashheroes
The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUM_TILES equals the number of people who purchased a tile, which allows an attacker to control the awarding of the prize by being the last person to purchase a tile.
network, low complexity, hashheroes, CWE-330
RISK: 7.5

2018-12-10 | CVE-2018-1279 | Use of Insufficiently Random Values vulnerability in Pivotal Software Rabbitmq
Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster.
low complexity, pivotal-software, CWE-330
RISK: 6.5