Vulnerabilities > Use of Insufficiently Random Values

| Date | CVE | Vulnerability title | Description | Risk |
| --- | --- | --- | --- | --- |
| 2023-09-11 | CVE-2023-41879 | Use of Insufficiently Random Values vulnerability in Openmage Magento | Magento LTS is the official OpenMage LTS codebase. | network, low complexity, openmage, CWE-330, 7.5 |
| 2023-09-05 | CVE-2023-34353 | Use of Insufficiently Random Values vulnerability in Openautomationsoftware OAS Platform 18.00.0072 | An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. | network, low complexity, openautomationsoftware, CWE-330, 7.5 |
| 2023-09-02 | CVE-2023-39979 | Use of Insufficiently Random Values vulnerability in Moxa Mxsecurity 1.0/1.0.1 | There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. | network, low complexity, moxa, CWE-330, critical, 9.8 |
| 2023-08-15 | CVE-2023-4344 | Use of Insufficiently Random Values vulnerability in Broadcom Raid Controller web Interface 51.12.02779 | Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to set up CIM connection. | network, low complexity, broadcom, CWE-330, critical, 9.8 |
| 2023-08-15 | CVE-2023-24478 | Use of Insufficiently Random Values vulnerability in Intel Quartus Prime | Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for Linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access. | local, low complexity, intel, CWE-330, 5.5 |
| 2023-08-04 | CVE-2023-3373 | Use of Insufficiently Random Values vulnerability in Mitsubishielectric Gs21 Firmware and Gt21 Firmware | Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause a DoS condition) by guessing the listening port of the data connection on the FTP server and connecting to it. | network, low complexity, mitsubishielectric, CWE-330, critical, 9.1 |
| 2023-08-02 | CVE-2023-26451 | Use of Insufficiently Random Values vulnerability in Open-Xchange Appsuite Backend | Functions with insufficient randomness were used to generate authorization tokens of the integrated OAuth Authorization Service. | network, low complexity, open-xchange, CWE-330, 7.5 |
| 2023-07-22 | CVE-2023-3247 | Use of Insufficiently Random Values vulnerability in PHP | In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7, when using SOAP HTTP Digest Authentication, the random value generator was not checked for failure, and was using a narrower range of values than it should have. | network, low complexity, php, CWE-330, 4.3 |
| 2023-06-12 | CVE-2023-1898 | Use of Insufficiently Random Values vulnerability in Atlascopco Power Focus 6000 Firmware | Atlas Copco Power Focus 6000 web server uses a small number of session ID numbers. | network, low complexity, atlascopco, CWE-330, 7.5 |
| 2023-06-12 | CVE-2020-36732 | Use of Insufficiently Random Values vulnerability in Crypto-Js Project Crypto-Js | The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary. | network, low complexity, crypto-js-project, CWE-330, 5.3 |