Total
139 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-33738 | 1 Openvpn | 1 Openvpn Access Server | 2024-11-21 | 7.5 High |
| OpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal | ||||
| CVE-2022-26943 | 1 Motorola | 4 Mtm5400, Mtm5400 Firmware, Mtm5500 and 1 more | 2024-11-21 | 8.8 High |
| The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited boottime pool entropy, an adversary can derive the contents of the entropy pool by an exhaustive search of possible values, based on an observed authentication challenge. Second, an adversary can use knowledge of the entropy pool to predict authentication challenges. As such, the unit is vulnerable to CVE-2022-24400. | ||||
| CVE-2022-26779 | 1 Apache | 1 Cloudstack | 2024-11-21 | 7.5 High |
| Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack. | ||||
| CVE-2022-20817 | 1 Cisco | 22 Ata 187 Analog Telephone Adapter, Ata 187 Analog Telephone Adapter Firmware, Unified Ip Phone 6911 and 19 more | 2024-11-21 | 7.4 High |
| A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability. | ||||
| CVE-2021-45489 | 1 Netbsd | 1 Netbsd | 2024-11-21 | 7.5 High |
| In NetBSD through 9.2, the IPv6 Flow Label generation algorithm employs a weak cryptographic PRNG. | ||||
| CVE-2021-45484 | 1 Netbsd | 1 Netbsd | 2024-11-21 | 7.5 High |
| In NetBSD through 9.2, the IPv6 fragment ID generation algorithm employs a weak cryptographic PRNG. | ||||
| CVE-2021-3990 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 6.5 Medium |
| showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | ||||
| CVE-2021-3678 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 5.9 Medium |
| showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | ||||
| CVE-2021-3538 | 1 Satori | 1 Uuid | 2024-11-21 | 9.8 Critical |
| A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker. | ||||
| CVE-2021-3047 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.2 Medium |
| A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to impersonate another authenticated web interface administrator's session. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.4. PAN-OS 10.1 versions are not impacted. | ||||
| CVE-2021-37553 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.5 High |
| In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used. | ||||
| CVE-2021-36171 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 8.1 High |
| The use of a cryptographically weak pseudo-random number generator in the password reset feature of FortiPortal before 6.0.6 may allow a remote unauthenticated attacker to predict parts of or the whole newly generated password within a given time frame. | ||||
| CVE-2021-34430 | 1 Eclipse | 1 Tinydtls | 2024-11-21 | 7.5 High |
| Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the master key and then decrypt DTLS traffic. | ||||
| CVE-2021-29245 | 1 Btcpayserver | 1 Btcpay Server | 2024-11-21 | 5.3 Medium |
| BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key. | ||||
| CVE-2021-27913 | 1 Acquia | 1 Mautic | 2024-11-21 | 3.5 Low |
| The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0. | ||||
| CVE-2021-23126 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret. | ||||
| CVE-2021-22948 | 1 Revive-adserver | 1 Revive Adserver | 2024-11-21 | 7.1 High |
| Vulnerability in the generation of session IDs in revive-adserver < 5.3.0, based on the cryptographically insecure uniqid() PHP function. Under some circumstances, an attacker could theoretically be able to brute force session IDs in order to take over a specific account. | ||||
| CVE-2021-0131 | 1 Intel | 219 Secl-dc, Xeon Bronze 3104, Xeon Bronze 3106 and 216 more | 2024-11-21 | 6.5 Medium |
| Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable information disclosure via network access. | ||||
| CVE-2020-28924 | 2 Fedoraproject, Rclone | 2 Fedora, Rclone | 2024-11-21 | 7.5 High |
| An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limits the entropy of the passwords enormously. These passwords are often used in the crypt backend for encryption of data. It would be possible to make a dictionary of all possible passwords with about 38 million entries per password length. This would make decryption of secret material possible with a plausible amount of effort. NOTE: all passwords generated by affected versions should be changed. | ||||
| CVE-2020-28642 | 1 Infinitewp | 1 Infinitewp | 2024-11-21 | 9.8 Critical |
| In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks. | ||||