Vulnerabilities (CVE)

CWE filter: CWE-338

30 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-5440 1 Revive-adserver 1 Revive Adserver 2019-10-09 6.8
Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bypass attack if an attacker exploits the password recovery functionality. In...
CVE-2018-15795 1 Pivotal Software 1 Credhub Service Broker 2019-10-09 5.5
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of...
CVE-2017-16028 1 Randomatic Project 1 Randomatic 2019-10-09 5.0
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).
CVE-2017-8081 1 Cagintranetworks 1 Getsimple Cms 2019-10-03 6.8
Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce.
CVE-2017-5493 1 Wordpress 1 Wordpress 2019-10-03 5.0
wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted (1) site...
CVE-2018-11290 1 Qualcomm 27 Mdm9206 Firmware, Mdm9607 Firmware, Mdm9640 Firmware and 24 more 2019-10-03 5.0
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630,...
CVE-2018-5837 1 Qualcomm 28 Ipq8074 Firmware, Mdm9206 Firmware, Mdm9607 Firmware and 25 more 2019-10-03 5.0
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439,...
CVE-2018-5871 1 Qualcomm 31 Mdm9206 Firmware, Mdm9607 Firmware, Mdm9640 Firmware and 28 more 2019-10-03 3.3
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850,...
CVE-2018-11291 1 Qualcomm 36 Ipq8074 Firmware, Mdm9206 Firmware, Mdm9607 Firmware and 33 more 2019-10-03 5.0
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD...
CVE-2015-9435 1 Dash10 1 Oauth Server 2019-10-02 7.5
The oauth2-provider plugin before 3.1.5 for WordPress has incorrect generation of random numbers.
CVE-2019-10755 1 Pac4j 1 Pac4j 2019-09-24 4.0
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue...
CVE-2019-10754 1 Apereo 1 Central Authentication Service 2019-09-24 5.5
Multiple classes used within Apereo CAS before release 6.1.0-RC5 make use of apache commons-lang3 RandomStringUtils for token and ID generation, which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.
CVE-2018-15552 1 Theethereumlottery 2 Theethereumlottery, The Ethereum Lottery 2019-09-16 5.0
The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (which is private, yet predictable and readable...
CVE-2019-16303 1 Jhipster 1 Jhipster Kotlin 2019-09-16 7.5
A class generated by the Generator in JHipster before 6.3.0 and JHipster Kotlin through 1.1.0 produces code that uses an insecure source of randomness (apache.commons.lang3 RandomStringUtils). This allows an attacker (if able to obtain their own...
CVE-2018-12056 1 All-for-one 1 All For One 2019-06-24 5.0
The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it...
CVE-2019-11842 1 Matrix 2 Sydent, Synapse 2019-05-10 5.0
An issue was discovered in Matrix Sydent before 1.0.3 and Synapse before 0.99.3.1. Random number generation is mishandled, which makes it easier for attackers to predict a Sydent authentication token or a Synapse random ID.
CVE-2019-11808 1 Ratpack Project 1 Ratpack 2019-05-08 4.3
Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. This means that if an attacker can determine a small window for the server start time and obtain a session ID value, they can...
CVE-2018-12975 1 Cryptosaga 1 Cryptosaga 2018-12-20 5.0
The random() function of the smart contract implementation for CryptoSaga, an Ethereum game, generates a random value with publicly readable variables such as timestamp, the current block's blockhash, and a private variable (which can be read...
CVE-2018-17071 1 Lucky9 1 Lucky9io 2018-12-10 5.0
The fallback function of a simple lottery smart contract implementation for Lucky9io, an Ethereum gambling game, generates a random value with the publicly readable variable entry_number. This variable is private, yet it is readable by...
CVE-2018-17968 1 Ruletkaio 1 Ruletkaio 2018-12-08 5.0
A gambling smart contract implementation for RuletkaIo, an Ethereum gambling game, generates a random value that is predictable by an external contract call. The developer wrote a random() function that uses a block timestamp and block hash from...