Total
35 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-34600 | 1 Telenot | 1 Compasx | 2024-11-21 | 5.5 Medium |
| Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation. | ||||
| CVE-2021-32033 | 1 Protectimus | 2 Slim Nfc 70, Slim Nfc 70 Firmware | 2024-11-21 | 4.6 Medium |
| Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. The time value used by the device can be set independently from the used seed value for generating time-based one-time passwords, without authentication. Thus, an attacker with short-time physical access to a device can set the internal real-time clock (RTC) to the future, generate one-time passwords, and reset the clock to the current time. This allows the generation of valid future time-based one-time passwords without having further access to the hardware token. | ||||
| CVE-2021-27211 | 1 Steghide Project | 1 Steghide | 2024-11-21 | 7.5 High |
| steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data. | ||||
| CVE-2020-7010 | 1 Elastic | 1 Elastic Cloud On Kubernetes | 2024-11-21 | 7.5 High |
| Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deployed they may be able to more easily brute force the Elasticsearch credentials generated by ECK. | ||||
| CVE-2020-28597 | 1 Epignosishq | 1 Efront | 2024-11-21 | 7.5 High |
| A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice. | ||||
| CVE-2020-13784 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-11-21 | 7.5 High |
| D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. | ||||
| CVE-2019-25061 | 1 Random Password Generator Project | 1 Random Password Generator | 2024-11-21 | 7.5 High |
| The random_password_generator (aka RandomPasswordGenerator) gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction. | ||||
| CVE-2019-11495 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 9.8 Critical |
| In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potential random seeds that could then be used to brute force the cookie and execute code against a remote system. This has been fixed in version 6.0.0. | ||||
| CVE-2019-10908 | 1 Airsonic Project | 1 Airsonic | 2024-11-21 | N/A |
| In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has a 48-bit seed that can easily be bruteforced, leading to trivial privilege escalation attacks. | ||||
| CVE-2018-1426 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-11-21 | N/A |
| IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071. | ||||
| CVE-2018-14647 | 6 Canonical, Debian, Fedoraproject and 3 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2024-11-21 | 7.5 High |
| Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15. | ||||
| CVE-2018-12520 | 1 Ntop | 1 Ntopng | 2024-11-21 | 8.1 High |
| An issue was discovered in ntopng 3.4 before 3.4.180617. The PRNG involved in the generation of session IDs is not seeded at program startup. This results in deterministic session IDs being allocated for active user sessions. An attacker with foreknowledge of the operating system and standard library in use by the host running the service and the username of the user whose session they're targeting can abuse the deterministic random number generation in order to hijack the user's session, thus escalating their access. | ||||
| CVE-2018-12384 | 2 Mozilla, Redhat | 2 Network Security Services, Enterprise Linux | 2024-11-21 | N/A |
| When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3. | ||||
| CVE-2016-3735 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 8.1 High |
| Piwigo is image gallery software written in PHP. When a criteria is not met on a host, piwigo defaults to usingmt_rand in order to generate password reset tokens. mt_rand output can be predicted after recovering the seed used to generate it. This low an unauthenticated attacker to take over an account providing they know an administrators email address in order to be able to request password reset. | ||||
| CVE-2012-1577 | 3 Debian, Dietlibc Project, Openbsd | 3 Debian Linux, Dietlibc, Openbsd | 2024-11-21 | 9.8 Critical |
| lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. | ||||