Vulnerabilities > Use of Insufficiently Random Values

DATE CVE VULNERABILITY TITLE RISK
2018-12-09 CVE-2018-19983 Use of Insufficiently Random Values vulnerability in Silabs Z-Wave S0 Firmware and Z-Wave S2 Firmware
An issue was discovered on Sigma Design Z-Wave S0 through S2 devices.
low complexity
silabs CWE-330
6.5
2018-10-19 CVE-2018-18531 Use of Insufficiently Random Values vulnerability in Kaptcha Project Kaptcha 2.3.2
text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach.
network
low complexity
kaptcha-project CWE-330
critical
9.8
2018-10-16 CVE-2018-18375 Use of Insufficiently Random Values vulnerability in Orange Airbox Firmware Y858Fl01.1604
goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter.
network
low complexity
orange CWE-330
critical
9.8
2018-10-12 CVE-2018-17888 Use of Insufficiently Random Values vulnerability in Nuuo CMS
In NUUO CMS, all versions 3.1 and prior, the application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.
network
low complexity
nuuo CWE-330
critical
9.8
2018-08-30 CVE-2018-16239 Use of Insufficiently Random Values vulnerability in Damicms 6.0.1
An issue was discovered in damiCMS V6.0.1.
network
low complexity
damicms CWE-330
critical
9.8
2018-08-23 CVE-2018-15807 Use of Insufficiently Random Values vulnerability in Posim EVO 15.13
POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature.
local
low complexity
posim CWE-330
7.8
2018-07-30 CVE-2018-13280 Use of Insufficiently Random Values vulnerability in Synology Diskstation Manager
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.
network
high complexity
synology CWE-330
5.9
2018-07-11 CVE-2018-11045 Use of Insufficiently Random Values vulnerability in Pivotal Software Operations Manager
Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image.
network
high complexity
pivotal-software CWE-330
5.9
2018-06-04 CVE-2017-16031 Use of Insufficiently Random Values vulnerability in Socket Socket.Io
Socket.io is a realtime application framework that provides communication via websockets.
network
low complexity
socket CWE-330
7.5
2018-05-21 CVE-2018-1108 Use of Insufficiently Random Values vulnerability in multiple products
Kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data.
network
high complexity
linux canonical debian CWE-330
5.9