Vulnerabilities > Use of Insufficiently Random Values
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-18 | CVE-2019-8919 | Use of Insufficiently Random Values vulnerability in Seafile Seadroid The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. | 7.5 |
| 2019-01-15 | CVE-2019-0007 | Use of Insufficiently Random Values vulnerability in Juniper Junos 15.1 The vMX Series software uses a predictable IP ID Sequence Number. | 10.0 |
| 2018-12-31 | CVE-2018-18602 | Use of Insufficiently Random Values vulnerability in Guardzilla products The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring. | 9.8 |
| 2018-12-26 | CVE-2018-17987 | Use of Insufficiently Random Values vulnerability in Hashheroes The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUM_TILES equals the number of people who purchased a tile, which allows an attacker to control the awarding of the prize by being the last person to purchase a tile. | 7.5 |
| 2018-12-10 | CVE-2018-1279 | Use of Insufficiently Random Values vulnerability in Pivotal Software Rabbitmq Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configured in a multi-tenant cluster. | 6.5 |
| 2018-12-09 | CVE-2018-19983 | Use of Insufficiently Random Values vulnerability in Silabs Z-Wave S0 Firmware and Z-Wave S2 Firmware An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. | 6.5 |
| 2018-10-19 | CVE-2018-18531 | Use of Insufficiently Random Values vulnerability in Kaptcha Project Kaptcha 2.3.2 text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach. | 9.8 |
| 2018-10-16 | CVE-2018-18375 | Use of Insufficiently Random Values vulnerability in Orange Airbox Firmware Y858Fl01.1604 goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter. | 9.8 |
| 2018-10-12 | CVE-2018-17888 | Use of Insufficiently Random Values vulnerability in Nuuo CMS NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution. | 9.8 |
| 2018-08-30 | CVE-2018-16239 | Use of Insufficiently Random Values vulnerability in Damicms 6.0.1 An issue was discovered in damiCMS V6.0.1. | 9.8 |