Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
CWE
:
Nic nie znaleziono w bazie WLB2
Common Weakness Enumeration (CWE)
CVE
Szczegóły
Opis
2021-10-27
Medium
CVE-2011-4574
Vendor:
Polarssl
Software:
Polarssl
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results.
2021-08-30
Low
CVE-2021-27913
Vendor:
Acquia
Software:
Mautic
The function mt_rand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0.
2021-08-11
Low
CVE-2021-3047
Vendor:
Paloaltonetworks
Software:
Pan-os
A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to impersonate another authenticated web interface administrator's session. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.4. PAN-OS 10.1 versions are not impacted.
2021-08-06
Medium
CVE-2021-37553
Vendor:
Jetbrains
Software:
Youtrack
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.
2021-08-04
Low
CVE-2021-3678
Vendor:
Showdoc
Software:
Showdoc
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
2021-05-21
Low
CVE-2008-3280
Vendor:
Openid
Software:
Openid
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs.
2021-05-05
Medium
CVE-2021-29245
Vendor:
Btcpayserver
Software:
Btcpay server
BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key.
2020-12-31
Medium
CVE-2020-35926
Vendor:
Nanorand project
Software:
Nanorand
An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled.
2020-06-03
Medium
CVE-2020-13784
Updating...
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.
2020-05-08
Low
CVE-2020-6616
Updating...
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020).
Copyright
2021
, cxsecurity.com
Back to Top
Polish
English