ReportizFlow
Filtered by vendor
Subscriptions
Total
350 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-18531 | 1 Kaptcha Project | 1 Kaptcha | 2024-11-21 | N/A |
| text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach. | ||||
| CVE-2018-18425 | 1 Primeo Project | 1 Primeo | 2024-11-21 | N/A |
| The doAirdrop function of a smart contract implementation for Primeo (PEO), an Ethereum token, does not check the numerical relationship between the amount of the air drop and the token's total supply, which lets the owner of the contract issue an arbitrary amount of currency. (Increasing the total supply by using 'doAirdrop' ignores the hard cap written in the contract and devalues the token.) | ||||
| CVE-2018-18375 | 1 Orange | 2 Airbox, Airbox Firmware | 2024-11-21 | N/A |
| goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter. | ||||
| CVE-2018-17987 | 1 Hashheroes | 1 Hashheroes | 2024-11-21 | N/A |
| The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUM_TILES equals the number of people who purchased a tile, which allows an attacker to control the awarding of the prize by being the last person to purchase a tile. | ||||
| CVE-2018-17888 | 1 Nuuo | 1 Nuuo Cms | 2024-11-21 | N/A |
| NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution. | ||||
| CVE-2018-16239 | 1 Damicms | 1 Damicms | 2024-11-21 | N/A |
| An issue was discovered in damiCMS V6.0.1. It relies on the PHP time() function for cookies, which makes it possible to determine the cookie for an existing admin session via 10800 guesses. | ||||
| CVE-2018-15807 | 1 Posim | 1 Evo | 2024-11-21 | N/A |
| POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature. This Override prompt expects a code that is computed locally using a deterministic algorithm. This code may be generated by an attacker and used to bypass any POSIM EVO login prompt. | ||||
| CVE-2018-11045 | 1 Pivotal Software | 1 Operations Manager | 2024-11-21 | N/A |
| Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG. | ||||
| CVE-2018-1000620 | 1 Cryptiles Project | 1 Cryptiles | 2024-11-21 | 9.8 Critical |
| Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2. | ||||
| CVE-2017-16924 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | N/A |
| Remote Information Disclosure and Escalation of Privileges in ManageEngine Desktop Central MSP 10.0.137 allows attackers to download unencrypted XML files containing all data for configuration policies via a predictable /client-data/<client_id>/collections/##/usermgmt.xml URL, as demonstrated by passwords and Wi-Fi keys. This is fixed in build 100157. | ||||
| CVE-2017-16031 | 1 Socket | 1 Socket.io | 2024-11-21 | N/A |
| Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain access to socket.io servers, potentially obtaining sensitive information. | ||||
| CVE-2017-16028 | 1 Randomatic Project | 1 Randomatic | 2024-11-21 | N/A |
| react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()). | ||||
| CVE-2017-15654 | 1 Asus | 1 Asuswrt | 2024-11-21 | N/A |
| Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access. | ||||
| CVE-2016-4980 | 3 Ethz, Fedoraproject, Redhat | 3 Xquest, Fedora, Enterprise Linux | 2024-11-21 | 2.5 Low |
| A password generation weakness exists in xquest through 2016-06-13. | ||||
| CVE-2014-6311 | 2 Debian, Vanderbilt | 2 Debian Linux, Adaptive Communication Environment | 2024-11-21 | 9.8 Critical |
| generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges. | ||||
| CVE-2013-4102 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 9.1 Critical |
| Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness | ||||
| CVE-2013-0294 | 2 Fedoraproject, Pyrad Project | 2 Fedora, Pyrad | 2024-11-21 | 5.9 Medium |
| packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack. | ||||
| CVE-2012-1562 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 High |
| Joomla! core before 2.5.3 allows unauthorized password change. | ||||
| CVE-2011-4121 | 1 Ruby-lang | 1 Ruby | 2024-11-21 | 9.8 Critical |
| The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism. | ||||
| CVE-2010-3666 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.3 Medium |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function. | ||||