CWE:
 



CVEMAP Search Results

CVE
Details
Description
2020-05-08
Medium
CVE-2020-12735

Vendor: Domainmod
Software: Domainmod
 

 
reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.

 
2020-03-27
Medium
CVE-2020-1773

Vendor: OTRS
Software: OTRS
 

 
An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users' session IDs, password reset tokens and automatically generated passwords. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

 
2020-02-28
Medium
CVE-2019-10064

Vendor: W1.fi
Software: Hostapd
 

 
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.

 
2020-01-30
Medium
CVE-2015-8851

Vendor: Node-uuid project
Software: Node-uuid
 

 
node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

 
2019-09-02
Medium
CVE-2019-15847

Vendor: GNU
Software: GCC
 

 
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.

 
2019-08-09
Medium
CVE-2019-14806

Vendor: Palletsprojects
Software: Werkzeug
 

 
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.

 
2018-09-12
Low
CVE-2018-8435

Vendor: Microsoft
Software: Windows 10
 

 
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.

 
2018-07-27
Low
CVE-2017-2626

Vendor: Freedesktop
Software: Libice
 

 
It was discovered that libICE before 1.0.9-8 used weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

 
2018-07-09
Medium
CVE-2018-1000620

Vendor: Cryptiles project
Software: Cryptiles
 

 
Eran Hammer cryptiles version 4.1.1 and earlier contains a CWE-331: Insufficient Entropy vulnerability in the randomDigits() method, which can make an attacker more likely to be able to brute force something that was supposed to be random. Exploitability depends upon the calling application. This vulnerability appears to have been fixed in 4.1.2.

 
2018-05-16
Medium
CVE-2018-10240

Vendor: Solarwinds
Software: Serv-u
 

 
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session cookie and hijack the user's session.

 

 


Copyright 2020, cxsecurity.com

 
