Total
304 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13086 | 7 Canonical, Debian, Freebsd and 4 more | 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more | 2024-11-21 | 5.4 MEDIUM | 6.8 MEDIUM |
| Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | |||||
| CVE-2017-13084 | 7 Canonical, Debian, Freebsd and 4 more | 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more | 2024-11-21 | 5.4 MEDIUM | 6.8 MEDIUM |
| Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | |||||
| CVE-2017-13082 | 7 Canonical, Debian, Freebsd and 4 more | 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the fast BSS transmission (FT) handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | |||||
| CVE-2017-13081 | 7 Canonical, Debian, Freebsd and 4 more | 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
| Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the group key handshake, allowing an attacker within radio range to spoof frames from access points to clients. | |||||
| CVE-2017-13080 | 7 Canonical, Debian, Freebsd and 4 more | 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
| Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients. | |||||
| CVE-2017-13079 | 7 Canonical, Debian, Freebsd and 4 more | 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
| Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w allows reinstallation of the Integrity Group Temporal Key (IGTK) during the four-way handshake, allowing an attacker within radio range to spoof frames from access points to clients. | |||||
| CVE-2017-13078 | 7 Canonical, Debian, Freebsd and 4 more | 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
| Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the four-way handshake, allowing an attacker within radio range to replay frames from access points to clients. | |||||
| CVE-2017-13077 | 7 Canonical, Debian, Freebsd and 4 more | 12 Ubuntu Linux, Debian Linux, Freebsd and 9 more | 2024-11-21 | 5.4 MEDIUM | 6.8 MEDIUM |
| Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | |||||
| CVE-2017-12361 | 1 Cisco | 1 Jabber | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vulnerability is due to the way Cisco Jabber for Windows handles random number generation for file folders. An attacker could exploit the vulnerability by fixing the random number data used to establish Secure Sockets Layer (SSL) connections between clients. An exploit could allow the attacker to decrypt secure communications made by the Cisco Jabber for Windows client. Cisco Bug IDs: CSCve44806. | |||||
| CVE-2017-10874 | 1 Ntt-east | 2 Pwr-q200, Pwr-q200 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| PWR-Q200 does not use random values for source ports of DNS query packets, which allows remote attackers to conduct DNS cache poisoning attacks. | |||||
| CVE-2017-1000246 | 1 Pysaml2 Project | 1 Pysaml2 | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data. | |||||
| CVE-2016-5100 | 1 Froxlor | 1 Froxlor | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier for remote attackers to guess the password reset token by predicting a value. | |||||
| CVE-2016-5085 | 1 Animas | 2 Onetouch Ping, Onetouch Ping Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake. | |||||
| CVE-2016-4980 | 3 Ethz, Fedoraproject, Redhat | 3 Xquest, Fedora, Enterprise Linux | 2024-11-21 | 1.9 LOW | 2.5 LOW |
| A password generation weakness exists in xquest through 2016-06-13. | |||||
| CVE-2016-10180 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding. | |||||
| CVE-2015-9019 | 1 Xmlsoft | 1 Libxslt | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. | |||||
| CVE-2015-3963 | 2 Schneider-electric, Windriver | 14 Sage 1210, Sage 1230, Sage 1250 and 11 more | 2024-11-21 | 5.8 MEDIUM | N/A |
| Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices before J2 and other devices, does not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. | |||||
| CVE-2014-6311 | 2 Debian, Vanderbilt | 2 Debian Linux, Adaptive Communication Environment | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges. | |||||
| CVE-2013-7463 | 1 Aescrypt Project | 1 Aescrypt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use with the AESCrypt.encrypt and AESCrypt.decrypt functions, which allows attackers to defeat cryptographic protection mechanisms via a chosen plaintext attack. | |||||
| CVE-2013-6925 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2024-11-21 | 8.3 HIGH | N/A |
| The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value. | |||||