Search
Total
15 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23126 | 1 Joomla | 1 Joomla\! | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret. | |||||
| CVE-2022-29245 | 1 Ssh.net Project | 1 Ssh.net | 2022-06-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 and 2020.0.1, during an `X25519` key exchange, the client’s private key is generated with `System.Random`. `System.Random` is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes. When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be brute forced. This allows an attacker who is able to eavesdrop on the communications to decrypt them. Version 2020.0.2 contains a patch for this issue. As a workaround, one may disable support for `curve25519-sha256` and `curve25519-sha256@libssh.org` key exchange algorithms. | |||||
| CVE-2021-3990 | 1 Showdoc | 1 Showdoc | 2021-12-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | |||||
| CVE-2021-3678 | 1 Showdoc | 1 Showdoc | 2021-08-11 | 4.3 MEDIUM | 5.9 MEDIUM |
| showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | |||||
| CVE-2021-0131 | 1 Intel | 219 Secl-dc, Xeon Bronze 3104, Xeon Bronze 3106 and 216 more | 2021-06-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Use of cryptographically weak pseudo-random number generator (PRNG) in an API for the Intel(R) Security Library before version 3.3 may allow an authenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2008-3280 | 1 Openid | 1 Openid | 2021-05-27 | 4.3 MEDIUM | 5.9 MEDIUM |
| It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs. | |||||
| CVE-2021-29245 | 1 Btcpayserver | 1 Btcpay Server | 2021-05-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key. | |||||
| CVE-2019-19794 | 1 Miekg-dns Project | 1 Miekg-dns | 2020-01-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries. | |||||
| CVE-2019-8113 | 1 Magento | 1 Magento | 2019-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration. | |||||
| CVE-2012-6124 | 1 Call-cc | 1 Chicken | 2019-11-06 | 5.0 MEDIUM | 5.3 MEDIUM |
| A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and is advertised as being unsuitable)." | |||||
| CVE-2017-16028 | 1 Randomatic Project | 1 Randomatic | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()). | |||||
| CVE-2018-5871 | 1 Qualcomm | 62 Mdm9206, Mdm9206 Firmware, Mdm9607 and 59 more | 2019-10-03 | 3.3 LOW | 6.5 MEDIUM |
| In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected. | |||||
| CVE-2019-10755 | 1 Pac4j | 1 Pac4j | 2019-09-24 | 4.0 MEDIUM | 4.9 MEDIUM |
| The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml. | |||||
| CVE-2018-12885 | 1 Mycryptochamp | 1 Mycryptochamp | 2018-10-18 | 4.3 MEDIUM | 5.9 MEDIUM |
| The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, (which can be read with a getStorageAt call). Therefore, attackers can get powerful champs/items and get rewards. | |||||
| CVE-2017-11671 | 1 Gnu | 1 Gcc | 2018-04-12 | 2.1 LOW | 4.0 MEDIUM |
| Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. | |||||