Vulnerabilities > Use of Insufficiently Random Values
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-03-21 | CVE-2019-5885 | Use of Insufficiently Random Values vulnerability in multiple products Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users. | 7.5 |
2019-03-06 | CVE-2019-1543 | Use of Insufficiently Random Values vulnerability in Openssl ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. | 7.4 |
2019-03-05 | CVE-2019-0729 | Use of Insufficiently Random Values vulnerability in Microsoft Java Software Development KIT An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java SDK Elevation of Privilege Vulnerability'. | 9.8 |
2019-02-28 | CVE-2019-1997 | Use of Insufficiently Random Values vulnerability in Google Android In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure default value. | 7.5 |
2019-02-19 | CVE-2018-20025 | Use of Insufficiently Random Values vulnerability in Codesys products Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0. | 7.5 |
2019-02-18 | CVE-2019-8919 | Use of Insufficiently Random Values vulnerability in Seafile Seadroid The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. | 7.5 |
2019-01-15 | CVE-2019-0007 | Use of Insufficiently Random Values vulnerability in Juniper Junos 15.1 The vMX Series software uses a predictable IP ID Sequence Number. | 10.0 |
2018-12-31 | CVE-2018-18602 | Use of Insufficiently Random Values vulnerability in Guardzilla products The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring. | 9.8 |
2018-12-26 | CVE-2018-17987 | Use of Insufficiently Random Values vulnerability in Hashheroes The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUM_TILES equals the number of people who purchased a tile, which allows an attacker to control the awarding of the prize by being the last person to purchase a tile. | 7.5 |
2018-12-10 | CVE-2018-1279 | Use of Insufficiently Random Values vulnerability in Pivotal Software Rabbitmq Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. | 6.5 |