CWE:
 

Nothing found in the WLB2 database


Common Weakness Enumeration (CWE)

CVE
Details
Description
2022-01-28
Low
CVE-2021-22799

Vendor: Schneider-electric
Software: Software update
 

 
A CWE-331: Insufficient Entropy vulnerability exists that could cause unintended connection from an internal network to an external network when an attacker manages to decrypt the SESU proxy password from the registry. Affected Product: Schneider Electric Software Update, V2.3.0 through V2.5.1

 
2021-11-20
Medium
CVE-2021-36320

 

 
Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session ID.

 
2021-08-18
Medium
CVE-2020-25926

Vendor: Hcc-embedded
Software: Nichestack t...
 

 
The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS transaction id. The impact is: DNS cache poisoning (remote). The component is: dns_query_type(). The attack vector is: a specific DNS response packet.

 
2021-07-21
Medium
CVE-2021-22727

 

 
A CWE-331: Insufficient Entropy vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1) that could allow an attacker to gain unauthorized access to the charging station web server.

 
2021-04-19
Low
CVE-2021-3505

Vendor: Libtpms project
Software: Libtpms
 

 
A flaw was found in libtpms in versions before 0.8.0. The TPM 2 implementation returns 2048 bit keys with ~1984 bit strength due to a bug in the TCG specification. The bug is in the key creation algorithm in RsaAdjustPrimeCandidate(), which is called before the prime number check. The highest threat from this vulnerability is to data confidentiality.

 
2020-05-08
Medium
CVE-2020-12735

Vendor: Domainmod
Software: Domainmod
 

 
reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover.

 
2020-03-27
Medium
CVE-2020-1773

Vendor: OTRS
Software: OTRS
 

 
An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users' session IDs, password reset tokens and automatically generated passwords. This issue affects ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions.

 
2020-02-28
Medium
CVE-2019-10064

Vendor: W1.fi
Software: Hostapd
 

 
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.

 
2020-01-30
Medium
CVE-2015-8851

Vendor: Node-uuid project
Software: Node-uuid
 

 
node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

 
2019-09-02
Medium
CVE-2019-15847

Vendor: GNU
Software: GCC
 

 
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same.

 

 


Copyright 2022, cxsecurity.com

 
