CWE-330

5/22/2019CWE-330, CWE-330

MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass

6/2/2024CWE-330

CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, an

CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, an...

CVE-2023-30797

4/19/2023CWE-330, CWE-330 +1

Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain acces

Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain acces...

CVE-2022-29035

3.3LOW

In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations

4/11/2022CWE-330, CWE-330

CVE-2023-6376

11/30/2023CWE-330, CWE-330

Henschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents.

CVE-2021-26407

1/11/2023CWE-330, CWE-330

A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure.

CVE-2023-22601

10.0CRITICAL

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They d

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They d...

1/12/2023CWE-330

CVE-2024-42165

6.3MEDIUM

Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link.

8/12/2024CWE-330, CWE-330

CVE-2021-23020

The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.

6/1/2021CWE-330, CWE-330

CVE-2023-26855

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords.

4/4/2023CWE-330, CWE-330

CVE-2022-26851

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data

Dell PowerScale OneFS, 8.2.2-9.3.x, contains a predictable file name from observable state vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to data...

4/8/2022CWE-330, CWE-330

CVE-2018-17888

10/12/2018CWE-330, CWE-330

NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code executi

NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code executi...

CVE-2018-13280

7.4HIGH

Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sess

Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sess...

7/30/2018CWE-330, CWE-330

CVE-2022-43485

6.2MEDIUM

Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client's JWT token. This issue affects OneWireless version 322.1

5/30/2023CWE-330, CWE-330

CVE-2020-11877

4/17/2020CWE-330, CWE-330

airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. NOTE: the vendor states that this IV is used only within unreachable

airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. NOTE: the vendor states that this IV is used only within unreachable ...

CVE-2020-7548

A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized

A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized...

12/1/2020CWE-330

CVE-2023-24478

8/15/2023CWE-330, CWE-330

Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potenti

Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potenti...

CVE-2018-18602

12/31/2018CWE-330, CWE-330

The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring.

CVE-2024-6348

8/19/2024CWE-330, CWE-330

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security

Predictable seed generation in the security access mechanism of UDS in the Blind Spot Protection Sensor ECU in Nissan Altima (2022) allows attackers to predict the requested seeds and bypass security ...

CVE-2022-38970

6.5MEDIUM

ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a

ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a...

9/26/2022CWE-330, CWE-330

CVE-2018-1108

5.9MEDIUM

kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the

kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the...

5/21/2018CWE-330, CWE-330

CVE-2023-29332

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

9/12/2023CWE-330, CWE-20

CVE-2020-27635

In PicoTCP 1.7.0, TCP ISNs are improperly random.

CVE-2020-27634

In Contiki 4.5, TCP ISNs are improperly random.

CVE-2020-27633

In FNET 4.6.3, TCP ISNs are improperly random.

CVE-2021-38606

reNgine through 0.5 relies on a predictable directory name.

8/12/2021CWE-330

CVE-2012-1562

Joomla! core before 2.5.3 allows unauthorized password change.

1/15/2020CWE-330

CVE-2022-43501

2/10/2023CWE-330, CWE-330

KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Sequence Number) for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of the curren

KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs(Initial Sequence Number) for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of the curren...

CVE-2022-30935

9/28/2022CWE-330, CWE-330

An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to

An authorization bypass in b2evolution allows remote, unauthenticated attackers to predict password reset tokens for any user through the use of a bad randomness function. This allows the attacker to ...

CVE-2021-27393

4/22/2021CWE-330, CWE-330

A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does n

A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does n...

CVE-2020-27631

In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random.

CVE-2022-34295

6.5MEDIUM

totd before 1.5.3 does not properly randomize mesg IDs.

6/23/2022CWE-330

CVE-2022-28355

randomUUID in Scala.js before 1.10.0 generates predictable values.

4/2/2022CWE-330

CVE-2021-3692

8/10/2021CWE-1241, CWE-330

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator

CVE-2021-3689

8/10/2021CWE-1241, CWE-330

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator

CVE-2020-27636

In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random.

CVE-2023-32831

In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not n

In wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not n...

1/2/2024CWE-330, CWE-330

CVE-2023-22912

1/20/2023CWE-330, CWE-330

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-use

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-use...

CVE-2020-35163

7/11/2022CWE-330, CWE-330

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.

CVE-2020-27264

8.8HIGH

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which a

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which a...

1/19/2021CWE-330, CWE-330

CVE-2013-4102

Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness

11/4/2019CWE-330

CVE-2020-27630

In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.

CVE-2020-26107

cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561).

9/25/2020CWE-330

CVE-2016-4980

2.5LOW

A password generation weakness exists in xquest through 2016-06-13.

11/27/2019CWE-330

CVE-2023-26451

5/25/2023CWE-330, CWE-330

Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be use

Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be use...

8/2/2023CWE-330, CWE-330

CVE-2023-31124

3.7LOW

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This wil

c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This wil...

CVE-2021-45487

In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures.

12/25/2021CWE-330

CVE-2021-45488

In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm.

12/25/2021CWE-330

CVE-2019-17105