CWE:
 

Nothing found in the WLB2 database


Common Weakness Enumeration (CWE)

CVE
Details
Description
2020-06-03
Medium
CVE-2020-13784

 

 
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.

 
2020-05-08
Low
CVE-2020-6616

 

 
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020).

 
2020-03-20
Medium
CVE-2019-15075

Vendor: Inextrix
Software: Astpp
 

 
An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key.

 
2019-12-13
Low
CVE-2019-19794

Vendor: Miekg-dns project
Software: Miekg-dns
 

 
The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries.

 
2019-09-25
Medium
CVE-2015-9435

Vendor: Dash10
Software: Oauth server
 

 
The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.

 
2019-09-23
Low
CVE-2019-10755

Vendor: Pac4j
Software: Pac4j
 

 
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml.

 
Medium
CVE-2019-10754

Vendor: Apereo
Software: Central auth...
 

 
Multiple classes used within Apereo CAS before release 6.1.0-RC5 make use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.

 
2019-09-13
Medium
CVE-2019-16303

Vendor: Jhipster
Software: Jhipster kotlin
 

 
A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own password reset URL) to compute the value for all other password resets for other accounts, thus allowing privilege escalation or account takeover.

 
2019-05-28
Medium
CVE-2019-5440

Vendor: Revive-adserver
Software: Revive adserver
 

 
Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In lib/OA/Dal/PasswordRecovery.php, the function generateRecoveryId() generates a password reset token that relies on the PHP uniqid function and consequently depends only on the current server time, which is often visible in an HTTP Date header.

 
2019-05-09
Medium
CVE-2019-11842

Vendor: Matrix
Software: Sydent
 

 
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.

 

 


Copyright 2020, cxsecurity.com

 
