Vulnerabilities > Use of Insufficiently Random Values

DATE CVE VULNERABILITY TITLE RISK
2023-09-02 CVE-2023-39979 Use of Insufficiently Random Values vulnerability in Moxa Mxsecurity 1.0/1.0.1/1.1.0
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication.
network
low complexity
moxa CWE-330
critical
9.8
2023-08-15 CVE-2023-4344 Use of Insufficiently Random Values vulnerability in Broadcom Raid Controller web Interface 51.12.02779
Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection
network
low complexity
broadcom CWE-330
critical
9.8
2023-08-15 CVE-2023-24478 Use of Insufficiently Random Values vulnerability in Intel Quartus Prime
Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
intel CWE-330
5.5
2023-08-04 CVE-2023-3373 Use of Insufficiently Random Values vulnerability in Mitsubishielectric Gs21 Firmware and Gt21 Firmware
Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it.
network
low complexity
mitsubishielectric CWE-330
critical
9.1
2023-08-02 CVE-2023-26451 Use of Insufficiently Random Values vulnerability in Open-Xchange Appsuite Backend
Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service.
network
low complexity
open-xchange CWE-330
7.5
2023-07-22 CVE-2023-3247 Use of Insufficiently Random Values vulnerability in PHP
In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have.
network
low complexity
php CWE-330
4.3
2023-06-12 CVE-2023-1898 Use of Insufficiently Random Values vulnerability in Atlascopco Power Focus 6000 Firmware
Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers.
network
low complexity
atlascopco CWE-330
7.5
2023-06-12 CVE-2020-36732 Use of Insufficiently Random Values vulnerability in Crypto-Js Project Crypto-Js
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.
network
low complexity
crypto-js-project CWE-330
5.3
2023-05-30 CVE-2022-43485 Use of Insufficiently Random Values vulnerability in Honeywell Onewireless Network Wireless Device Manager Firmware R322.1
Use of Insufficiently Random Values in Honeywell OneWireless.
network
low complexity
honeywell CWE-330
6.5
2023-04-19 CVE-2023-30797 Use of Insufficiently Random Values vulnerability in Netflix Lemur
Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials.
network
low complexity
netflix CWE-330
7.5