Vulnerabilities > Use of Insufficiently Random Values
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-09 | CVE-2022-40299 | Use of Insufficiently Random Values vulnerability in Singular In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. | 7.8 |
| 2022-09-01 | CVE-2022-1615 | Use of Insufficiently Random Values vulnerability in multiple products In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. | 5.5 |
| 2022-08-15 | CVE-2022-37400 | Use of Insufficiently Random Values vulnerability in Apache Openoffice Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. | 8.8 |
| 2022-08-10 | CVE-2022-30629 | Use of Insufficiently Random Values vulnerability in Golang GO Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. | 3.1 |
| 2022-08-02 | CVE-2022-29808 | Use of Insufficiently Random Values vulnerability in Quest Kace Systems Management Appliance In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. | 7.5 |
| 2022-07-27 | CVE-2022-24406 | Use of Insufficiently Random Values vulnerability in Open-Xchange OX APP Suite 7.10.5/7.10.6 OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls. | 6.5 |
| 2022-07-25 | CVE-2022-26306 | Use of Insufficiently Random Values vulnerability in multiple products LibreOffice supports the storage of passwords for web connections in the user’s configuration database. | 7.5 |
| 2022-07-25 | CVE-2021-23451 | Use of Insufficiently Random Values vulnerability in Otp-Generator Project Otp-Generator The package otp-generator before 3.0.0 are vulnerable to Insecure Randomness due to insecure generation of random one-time passwords, which may allow a brute-force attack. | 9.8 |
| 2022-07-15 | CVE-2022-31157 | Use of Insufficiently Random Values vulnerability in Packback LTI 1.3 Tool Library LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. | 7.5 |
| 2022-07-12 | CVE-2022-33707 | Use of Insufficiently Random Values vulnerability in Samsung Find MY Mobile Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker to identify the device. | 5.3 |