CWE:
 

High
Topic: WordPress iThemes Security Insecure Backup / Logfile Generation
Date: 22.04.2016
Author: Nicolas CHATELAIN


CVEMAP Search Results

CVE
Details
Description
2019-06-19
Low
CVE-2018-18425

Vendor: Primeo project
Software: Primeo
 

 
The doAirdrop function of a smart contract implementation for Primeo (PEO), an Ethereum token, does not check the numerical relationship between the amount of the air drop and the token's total supply, which lets the owner of the contract issue an arbitrary amount of currency. (Increasing the total supply by using 'doAirdrop' ignores the hard cap written in the contract and devalues the token.)

 
2019-05-22
Medium
CVE-2019-6821

Vendor: Schneider-electric
Software: Modicon m340...
 

 
CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communication in Modicon M580 firmware versions prior to V2.30, and all firmware versions of Modicon M340, Modicon Premium, Modicon Quantum.

 
2019-05-09
Low
CVE-2019-11840

 

 
An issue was discovered in supplementary Go cryptography libraries, aka golang-googlecode-go-crypto, before 2019-03-20. A flaw was found in the amd64 implementation of golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa. If more than 256 GiB of keystream is generated, or if the counter otherwise grows greater than 32 bits, the amd64 implementation will first generate incorrect output, and then cycle back to previously generated keystream. Repeated keystream bytes can lead to loss of confidentiality in encryption applications, or to predictability in CSPRNG applications.

 
2019-05-03
Low
CVE-2019-11690

Vendor: DENX
Software: U-boot
 

 
gen_rand_uuid in lib/uuid.c in Das U-Boot v2014.04 through v2019.04 lacks an srand call, which allows attackers to determine UUID values in scenarios where CONFIG_RANDOM_UUID is enabled, and Das U-Boot is relied upon for UUID values of a GUID Partition Table of a boot device.

 
2019-02-28
Medium
CVE-2019-1997

Vendor: Google
Software: Android
 

 
In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure default value. This could lead to local information disclosure via an insecure wireless connection with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117508900.

 
2019-02-19
Medium
CVE-2018-20025

 

 
Use of Insufficiently Random Values exists in CODESYS V3 products in versions prior to V3.5.14.0.

 
2018-12-26
Medium
CVE-2018-17987

Vendor: Hashheroes
Software: Hashheroes
 

 
The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUM_TILES equals the number of people who purchased a tile, which allows an attacker to control the awarding of the prize by being the last person to purchase a tile.

 
2018-10-19
Medium
CVE-2018-18531

Vendor: Kaptcha project
Software: Kaptcha
 

 
text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach.

 
2018-10-12
Medium
CVE-2018-17888

Vendor: NUUO
Software: Nuuo cms
 

 
In NUUO CMS, all versions 3.1 and prior, the application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution.

 
2018-07-30
Low
CVE-2018-13280

Vendor: Synology
Software: Diskstation ...
 

 
Use of insufficiently random values vulnerability in SYNO.Encryption.GenRandomKey in Synology DiskStation Manager (DSM) before 6.2-23739 allows man-in-the-middle attackers to compromise non-HTTPS sessions via unspecified vectors.

 

 


Copyright 2019, cxsecurity.com

 
