Vulnerabilities > Use of Insufficiently Random Values
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-27 | CVE-2018-1266 | Use of Insufficiently Random Values vulnerability in Cloudfoundry Capi-Release. Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains information disclosure and path traversal vulnerabilities. | 8.1 |
2018-02-19 | CVE-2017-16924 | Use of Insufficiently Random Values vulnerability in Zohocorp Manageengine Desktop Central 10.0.137. Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. | 9.8 |
2018-01-31 | CVE-2017-15654 | Use of Insufficiently Random Values vulnerability in Asus Asuswrt 3.0.0.4.378/3.0.0.4.380.7743. Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access. | 8.3 |
2017-12-31 | CVE-2017-17704 | Use of Insufficiently Random Values vulnerability in Swhouse Istar Ultra Firmware 6.5.2.20569. A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. | 7.4 |
2017-12-29 | CVE-2017-17910 | Use of Insufficiently Random Values vulnerability in Hoermann products. On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. | 6.5 |
2017-12-02 | CVE-2017-17091 | Use of Insufficiently Random Values vulnerability in Wordpress. wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restrictions by entering this string. | 8.8 |
2017-12-01 | CVE-2017-10874 | Use of Insufficiently Random Values vulnerability in Ntt-East Pwr-Q200 Firmware. PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks. | 7.5 |
2017-11-30 | CVE-2017-12361 | Use of Insufficiently Random Values vulnerability in Cisco Jabber. A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. | 4.0 |
2017-11-17 | CVE-2017-1000246 | Use of Insufficiently Random Values vulnerability in Pysaml2 Project Pysaml2. Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. | 5.3 |
2017-10-17 | CVE-2017-13088 | Use of Insufficiently Random Values vulnerability in multiple products. Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Integrity Group Temporal Key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing an attacker within radio range to replay frames from access points to clients. | 5.3 |