Vulnerabilities > Use of Insufficiently Random Values

DATE CVE VULNERABILITY TITLE RISK
2022-03-08 CVE-2022-26317 Use of Insufficiently Random Values vulnerability in Mendix
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29).
network
low complexity
mendix CWE-330
6.5
2022-03-03 CVE-2022-22700 Use of Insufficiently Random Values vulnerability in Cyberark Identity
CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'.
network
low complexity
cyberark CWE-330
5.3
2022-03-01 CVE-2021-36166 Use of Insufficiently Random Values vulnerability in Fortinet Fortimail
An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to efficiently guess one administrative account's authentication token by means of the observation of certain system's properties.
network
low complexity
fortinet CWE-330
critical
9.8
2022-02-18 CVE-2021-20322 Use of Insufficiently Random Values vulnerability in multiple products
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports.
network
high complexity
linux fedoraproject debian netapp oracle CWE-330
7.4
2022-02-18 CVE-2022-22922 Use of Insufficiently Random Values vulnerability in Tp-Link Tl-Wa850Re Firmware
TP-Link TL-WA850RE Wi-Fi Range Extender before v6_200923 was discovered to use highly predictable and easily detectable session keys, allowing attackers to gain administrative privileges.
network
low complexity
tp-link CWE-330
critical
9.8
2022-02-16 CVE-2021-26726 Use of Insufficiently Random Values vulnerability in Valmet DNA 2012/2021
A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021.
low complexity
valmet CWE-330
8.8
2022-01-25 CVE-2021-36294 Use of Insufficiently Random Values vulnerability in Dell EMC Unity Operating Environment
Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability.
network
low complexity
dell CWE-330
critical
9.8
2022-01-18 CVE-2022-23408 Use of Insufficiently Random Values vulnerability in Wolfssl 5.0.0/5.1.0
wolfSSL 5.x before 5.1.1 uses non-random IV values in certain situations.
network
low complexity
wolfssl CWE-330
critical
9.1
2022-01-06 CVE-2021-45458 Use of Insufficiently Random Values vulnerability in Apache Kylin
Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords.
network
low complexity
apache CWE-330
7.5
2021-12-27 CVE-2021-24998 Use of Insufficiently Random Values vulnerability in Simple JWT Login Project Simple JWT Login
The Simple JWT Login WordPress plugin before 3.3.0 can be used to create new WordPress user accounts with a randomly generated password.
network
low complexity
simple-jwt-login-project CWE-330
7.5