Vulnerabilities > Use of Insufficiently Random Values

DATE CVE VULNERABILITY TITLE RISK
2022-04-30 CVE-2021-41993 Use of Insufficiently Random Values vulnerability in Pingidentity Pingid and Pingid Windows Login
A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.
high complexity
pingidentity CWE-330
4.8
2022-04-30 CVE-2021-41994 Use of Insufficiently Random Values vulnerability in Pingidentity Pingid and Pingid Windows Login
A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login.
high complexity
pingidentity CWE-330
4.8
2022-04-12 CVE-2022-25752 Use of Insufficiently Random Values vulnerability in Siemens products
A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2.
network
low complexity
siemens CWE-330
critical
9.8
2022-04-11 CVE-2022-27577 Use of Insufficiently Random Values vulnerability in Sick Msc800 Firmware 4.0/4.10
The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number.
network
low complexity
sick CWE-330
critical
9.1
2022-04-11 CVE-2022-29035 Use of Insufficiently Random Values vulnerability in Jetbrains Ktor
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations
network
low complexity
jetbrains CWE-330
2.7
2022-04-08 CVE-2022-26851 Use of Insufficiently Random Values vulnerability in Dell EMC Powerscale Onefs
Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability.
network
low complexity
dell CWE-330
critical
9.1
2022-04-07 CVE-2022-22517 Use of Insufficiently Random Values vulnerability in Codesys products
An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets.
network
low complexity
codesys CWE-330
7.5
2022-04-02 CVE-2022-28355 Use of Insufficiently Random Values vulnerability in Scala-Js Scala.Js
randomUUID in Scala.js before 1.10.0 generates predictable values.
network
low complexity
scala-js CWE-330
7.5
2022-03-30 CVE-2021-46010 Use of Insufficiently Random Values vulnerability in Totolink A3100R Firmware 5.9C.4577
Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration.
network
low complexity
totolink CWE-330
8.8
2022-03-14 CVE-2022-26320 Use of Insufficiently Random Values vulnerability in multiple products
The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization method.
network
low complexity
rambus fujifilm canon CWE-330
critical
9.1