Vulnerabilities > Use of Insufficiently Random Values

DATE CVE VULNERABILITY TITLE RISK
2017-06-30 CVE-2017-7901 Use of Insufficiently Random Values vulnerability in Rockwellautomation products
A Predictable Value Range from Previous Values issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions.
network
low complexity
rockwellautomation CWE-330
8.6
2017-06-30 CVE-2017-6026 Use of Insufficiently Random Values vulnerability in Schneider-Electric Modicon M241 Firmware and Modicon M251 Firmware
A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11.
network
low complexity
schneider-electric CWE-330
critical
9.1
2017-04-19 CVE-2013-7463 Use of Insufficiently Random Values vulnerability in Aescrypt Project Aescrypt 1.0.0
The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack.
network
low complexity
aescrypt-project CWE-330
7.5
2017-04-05 CVE-2015-9019 Use of Insufficiently Random Values vulnerability in Xmlsoft Libxslt
In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.
network
low complexity
xmlsoft CWE-330
5.3
2017-02-13 CVE-2016-5100 Use of Insufficiently Random Values vulnerability in Froxlor
Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value.
network
low complexity
froxlor CWE-330
critical
9.8
2016-10-05 CVE-2016-5085 Use of Insufficiently Random Values vulnerability in Animas Onetouch Ping Firmware
Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake.
network
low complexity
animas CWE-330
7.5
2009-06-22 CVE-2009-2158 Use of Insufficiently Random Values vulnerability in Torrenttrader Project Torrenttrader 1.09
account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack.
network
low complexity
torrenttrader-project CWE-330
7.5
2009-01-22 CVE-2009-0255 Use of Insufficiently Random Values vulnerability in multiple products
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
network
low complexity
typo3 debian CWE-330
7.5
2008-11-26 CVE-2008-5162 Use of Insufficiently Random Values vulnerability in Freebsd
The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator.
local
high complexity
freebsd CWE-330
7.0
2008-11-04 CVE-2008-4929 Use of Insufficiently Random Values vulnerability in Mybb 1.4.2
MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.
network
low complexity
mybb CWE-330
7.5