CVEMAP Search Results

CVE
Details
Description
2019-09-02
Medium
CVE-2019-15847

Vendor: GNU
Software: GCC
 

 
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.

 
2019-08-09
Medium
CVE-2019-14806

Vendor: Palletsprojects
Software: Werkzeug
 

 
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.

 
2018-09-12
Low
CVE-2018-8435

Vendor: Microsoft
Software: Windows 10
 

 
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

 
2018-07-27
Low
CVE-2017-2626

Vendor: Freedesktop
Software: Libice
 

 
It was discovered that libICE before 1.0.9-8 used weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

 
2018-07-09
Medium
CVE-2018-1000620

Vendor: Cryptiles project
Software: Cryptiles
 

 
Eran Hammer cryptiles version 4.1.1 and earlier contains a CWE-331: Insufficient Entropy vulnerability in the randomDigits() method that can result in an attacker being more likely to be able to brute-force something that was supposed to be random. Whether this attack is exploitable depends upon the calling application. This vulnerability appears to have been fixed in 4.1.2.

 
2018-05-16
Medium
CVE-2018-10240

Vendor: Solarwinds
Software: Serv-u
 

 
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session cookie and hijack the user's session.

 
2018-04-12
Medium
CVE-2014-8422

 

 
The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack.

 
2017-10-24
Medium
CVE-2014-0691

Vendor: Cisco
Software: Webex meetin...
 

 
Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643.

 
2017-10-05
Medium
CVE-2017-13992

Vendor: Loytec
Software: Lvis-3me fir...
 

 
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution.

 
2017-08-09
Medium
CVE-2015-3405

Vendor: Opensuse project
Software: Suse linux e...
 

 
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.

 

 


Copyright 2019, cxsecurity.com

 
