Vulnerabilities (CVE)

CWE filter: CWE-332

10 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-18486 1 Jitbit 1 Helpdesk 2019-08-19 6.5
Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to...
CVE-2019-3795 1 Pivotal Software 1 Spring Security 2019-05-20 5.0
Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted,...
CVE-2019-1715 1 Cisco 1 Firepower Threat Defense 2019-05-09 5.0
A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an...
CVE-2016-10743 1 W1.fi 1 Hostapd 2019-04-10 5.0
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
CVE-2019-0729 1 Microsoft 1 Java Software Development Kit 2019-03-12 7.5
An Elevation of Privilege vulnerability exists in the way Azure IoT Java SDK generates symmetric keys for encryption, allowing an attacker to predict the randomness of the key, aka 'Azure IoT Java SDK Elevation of Privilege Vulnerability'.
CVE-2018-9057 1 Hashicorp 1 Terraform 2018-04-24 5.0
aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for remote attackers to obtain access by leveraging an...
CVE-2017-9371 1 Blackberry 1 Qnx Software Development Platform 2017-11-30 4.3
In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker to reduce the entropy of the PRNG, making...
CVE-2014-9690 1 Huawei 1 Ws318 Firmware 2017-04-05 5.0
Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number generator (RNG) used in the supplier's solution is not...
CVE-2014-0016 1 Stunnel 1 Stunnel 2017-01-26 4.3
stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to use the same entropy pool and allows remote...
CVE-2016-9154 1 Siemens 6 Desigo Web Module Pxa30-w2 Firmware, Desigo Web Module Pxa40-w0 Firmware, Desigo Web Module Pxa30-w1 Firmware and 3 more 2016-12-30 5.0
Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 for Desigo PX...