CWE:
 

Nothing found in the WLB2 database


Common Weakness Enumeration (CWE)

CVE
Details
Description
2021-10-27
Medium
CVE-2011-4574

Vendor: Polarssl
Software: Polarssl
 

 
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results.

 
2021-08-30
Low
CVE-2021-27913

Vendor: Acquia
Software: Mautic
 

 
The function mt_rand is used to generate session tokens. This function is cryptographically flawed because it is only pseudorandom; an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are not under his/her control. This issue affects: Mautic Mautic versions prior to 3.3.4; versions prior to 4.0.0.

 
2021-08-11
Low
CVE-2021-3047

Vendor: Paloaltonetworks
Software: Pan-os
 

 
A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability to observe their own authentication secrets over a long duration on the PAN-OS appliance, to impersonate another authenticated web interface administrator's session. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.10; PAN-OS 10.0 versions earlier than PAN-OS 10.0.4. PAN-OS 10.1 versions are not impacted.

 
2021-08-06
Medium
CVE-2021-37553

Vendor: Jetbrains
Software: Youtrack
 

 
In JetBrains YouTrack before 2021.2.16363, an insecure PRNG was used.

 
2021-08-04
Low
CVE-2021-3678

Vendor: Showdoc
Software: Showdoc
 

 
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG).

 
2021-05-21
Low
CVE-2008-3280

Vendor: Openid
Software: Openid
 

 
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to rely on these OPs.

 
2021-05-05
Medium
CVE-2021-29245

Vendor: Btcpayserver
Software: Btcpay server
 

 
BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key.

 
2020-12-31
Medium
CVE-2020-35926

Vendor: Nanorand project
Software: Nanorand
 

 
An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled.

 
2020-06-03
Medium
CVE-2020-13784

 

 
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.

 
2020-05-08
Low
CVE-2020-6616

 

 
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020).

 

 


Copyright 2021, cxsecurity.com

 
