Total
353 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5276 | 1 Gnu | 1 Gcc | 2025-04-12 | N/A |
| The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors. | ||||
| CVE-2012-6702 | 4 Canonical, Debian, Google and 1 more | 4 Ubuntu Linux, Debian Linux, Android and 1 more | 2025-04-12 | N/A |
| Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. | ||||
| CVE-2016-5085 | 1 Animas | 2 Onetouch Ping, Onetouch Ping Firmware | 2025-04-12 | N/A |
| Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake. | ||||
| CVE-2022-48195 | 1 Mellium | 1 Sasl | 2025-04-11 | 9.8 Critical |
| An issue was discovered in Mellium mellium.im/sasl before 0.3.1. When performing SCRAM-based SASL authentication, if the remote end advertises support for channel binding, no random nonce is generated (instead, the nonce is empty). This causes authentication to fail in the best case, but (if paired with a remote end that does not validate the length of the nonce) could lead to insufficient randomness being used during authentication. | ||||
| CVE-2013-6925 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2025-04-11 | N/A |
| The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value. | ||||
| CVE-2024-36389 | 2 Canonical, Milesight | 2 Ubuntu Linux, Devicehub | 2025-04-10 | 9.8 Critical |
| MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass | ||||
| CVE-2008-5162 | 1 Freebsd | 1 Freebsd | 2025-04-09 | 7.0 High |
| The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator. | ||||
| CVE-2008-4929 | 1 Mybb | 1 Mybb | 2025-04-09 | 7.5 High |
| MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames. | ||||
| CVE-2008-4905 | 1 Typosphere | 1 Typo | 2025-04-09 | 7.5 High |
| Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it easier for attackers to guess passwords via a brute force attack. | ||||
| CVE-2008-3612 | 1 Apple | 1 Iphone Os | 2025-04-09 | 9.8 Critical |
| The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection. | ||||
| CVE-2009-0255 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2025-04-09 | 7.5 High |
| The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key. | ||||
| CVE-2008-0087 | 1 Microsoft | 4 Windows 2000, Windows Server 2003, Windows Vista and 1 more | 2025-04-09 | 7.5 High |
| The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses. | ||||
| CVE-2008-2433 | 1 Trendmicro | 3 Client Server Messaging Suite, Officescan, Worry-free Business Security | 2025-04-09 | 9.8 Critical |
| The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration." | ||||
| CVE-2008-2020 | 8 E107, Labgab, My123tkshop and 5 more | 8 E107, Labgab, E-commerce-suite and 5 more | 2025-04-09 | 7.5 High |
| The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings. | ||||
| CVE-2009-3238 | 5 Canonical, Linux, Opensuse and 2 more | 7 Ubuntu Linux, Linux Kernel, Opensuse and 4 more | 2025-04-09 | 5.5 Medium |
| The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time." | ||||
| CVE-2009-2158 | 1 Torrenttrader Project | 1 Torrenttrader | 2025-04-09 | 7.5 High |
| account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack. | ||||
| CVE-2008-0141 | 1 Webportal Cms Project | 1 Webportal Cms | 2025-04-09 | 7.5 High |
| actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action. | ||||
| CVE-2021-26407 | 1 Amd | 2 Romepi, Romepi Firmware | 2025-04-08 | 5.5 Medium |
| A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure. | ||||
| CVE-2017-5242 | 1 Rapid7 | 1 Insightvm | 2025-04-08 | 7.7 High |
| Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots. | ||||
| CVE-2024-50684 | 1 Sungrowpower | 1 Isolarcloud | 2025-04-07 | 6.5 Medium |
| SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient entropy). This may allow attackers to decrypt intercepted communications between the mobile app and iSolarCloud. | ||||