Total
341 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-0407 | 1 Google | 1 Android | 2024-11-21 | 4.4 Medium |
| In various functions in fscrypt_ice.c and related files in some implementations of f2fs encryption that use encryption hardware which only supports 32-bit IVs (Initialization Vectors), 64-bit IVs are used and later are truncated to 32 bits. This may cause IV reuse and thus weakened disk encryption. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-153450752References: N/A | ||||
| CVE-2019-9898 | 5 Debian, Fedoraproject, Netapp and 2 more | 5 Debian Linux, Fedora, Oncommand Unified Manager and 2 more | 2024-11-21 | N/A |
| Potential recycling of random numbers used in cryptography exists within PuTTY before 0.71. | ||||
| CVE-2019-9863 | 1 Abus | 6 Secvest Wireless Alarm System Fuaa50000, Secvest Wireless Alarm System Fuaa50000 Firmware, Secvest Wireless Remote Control Fube50014 and 3 more | 2024-11-21 | N/A |
| Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way. | ||||
| CVE-2019-9860 | 1 Abus | 6 Secvest Wireless Alarm System Fuaa50000, Secvest Wireless Alarm System Fuaa50000 Firmware, Secvest Wireless Remote Control Fube50014 and 3 more | 2024-11-21 | N/A |
| Due to unencrypted signal communication and predictability of rolling codes, an attacker can "desynchronize" an ABUS Secvest wireless remote control (FUBE50014 or FUBE50015) relative to its controlled Secvest wireless alarm system FUAA50000 3.01.01, so that sent commands by the remote control are not accepted anymore. | ||||
| CVE-2019-9102 | 1 Moxa | 12 Mb3170, Mb3170 Firmware, Mb3180 and 9 more | 2024-11-21 | 8.8 High |
| An issue was discovered on Moxa MGate MB3170 and MB3270 devices before 4.1, MB3280 and MB3480 devices before 3.1, MB3660 devices before 2.3, and MB3180 devices before 2.1. A predictable mechanism of generating tokens allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism. | ||||
| CVE-2019-8919 | 1 Seafile | 1 Seadroid | 2024-11-21 | N/A |
| The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks. | ||||
| CVE-2019-7886 | 1 Magento | 1 Magento | 2024-11-21 | N/A |
| A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptograhic mechanism is used to generate the intialization vector in multiple security relevant contexts. | ||||
| CVE-2019-7667 | 1 Primasystems | 1 Flexair | 2024-11-21 | 9.8 Critical |
| Prima Systems FlexAir, Versions 2.3.38 and prior. The application generates database backup files with a predictable name, and an attacker can use brute force to identify the database backup file name. A malicious actor can exploit this issue to download the database file and disclose login information, which can allow the attacker to bypass authentication and have full access to the system. | ||||
| CVE-2019-6821 | 1 Schneider-electric | 8 Modicon M340, Modicon M340 Firmware, Modicon M580 and 5 more | 2024-11-21 | 6.5 Medium |
| CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum. | ||||
| CVE-2019-6632 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | N/A |
| On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, under certain circumstances, attackers can decrypt configuration items that are encrypted because the vCMP configuration unit key is generated with insufficient randomness. The attack prerequisite is direct access to encrypted configuration and/or UCS files. | ||||
| CVE-2019-5885 | 2 Fedoraproject, Matrix | 2 Fedora, Synapse | 2024-11-21 | N/A |
| Matrix Synapse before 0.34.0.1, when the macaroon_secret_key authentication parameter is not set, uses a predictable value to derive a secret key and other secrets which could allow remote attackers to impersonate users. | ||||
| CVE-2019-5420 | 3 Debian, Fedoraproject, Rubyonrails | 3 Debian Linux, Fedora, Rails | 2024-11-21 | 9.8 Critical |
| A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit. | ||||
| CVE-2019-5232 | 1 Huawei | 6 Vp9630, Vp9630 Firmware, Vp9650 and 3 more | 2024-11-21 | 7.5 High |
| There is a use of insufficiently random values vulnerability in Huawei ViewPoint products. An unauthenticated, remote attacker can guess information by a large number of attempts. Successful exploitation may cause information leak. | ||||
| CVE-2019-4411 | 1 Ibm | 1 Cognos Controller | 2024-11-21 | 4.3 Medium |
| IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 could allow an authenticated user to obtain sensitive information due to easy to guess session identifier names. IBM X-Force ID: 162658. | ||||
| CVE-2019-3795 | 2 Debian, Vmware | 2 Debian Linux, Spring Security | 2024-11-21 | 5.3 Medium |
| Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection. | ||||
| CVE-2019-2317 | 1 Qualcomm | 40 Msm8905, Msm8905 Firmware, Msm8909 and 37 more | 2024-11-21 | 9.8 Critical |
| The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, SC8180X, SDM429, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150 | ||||
| CVE-2019-2294 | 1 Qualcomm | 94 Mdm9205, Mdm9205 Firmware, Mdm9206 and 91 more | 2024-11-21 | 9.8 Critical |
| Usage of hard-coded magic number for calculating heap guard bytes can allow users to corrupt heap blocks without heap algorithm knowledge in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | ||||
| CVE-2019-25089 | 1 Muon Project | 1 Muon | 2024-11-21 | 3.1 Low |
| A vulnerability has been found in Morgawr Muon 0.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file src/muon/handler.clj. The manipulation leads to insufficiently random values. The attack can be launched remotely. Upgrading to version 0.2.0-indev is able to address this issue. The name of the patch is c09ed972c020f759110c707b06ca2644f0bacd7f. It is recommended to upgrade the affected component. The identifier VDB-216877 was assigned to this vulnerability. | ||||
| CVE-2019-20494 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.3 Low |
| In cPanel before 82.0.18, Cpanel::Rand::Get can produce a predictable series of numbers (SEC-525). | ||||
| CVE-2019-1997 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure default value. This could lead to local information disclosure via an insecure wireless connection with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117508900. | ||||