Vulnerabilities (CVE)

Filtered by CWE-330
Total 304 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-4102 1 Cryptocat Project 1 Cryptocat 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness
CVE-2013-0294 2 Fedoraproject, Pyrad Project 2 Fedora, Pyrad 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack.
CVE-2012-1562 1 Joomla 1 Joomla\! 2024-11-21 5.0 MEDIUM 7.5 HIGH
Joomla! core before 2.5.3 allows unauthorized password change.
CVE-2010-3666 1 Typo3 1 Typo3 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.
CVE-2009-2158 1 Torrenttrader Project 1 Torrenttrader 2024-11-21 7.5 HIGH 7.5 HIGH
account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack.
CVE-2009-0255 2 Debian, Typo3 2 Debian Linux, Typo3 2024-11-21 5.0 MEDIUM 7.5 HIGH
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
CVE-2008-5162 1 Freebsd 1 Freebsd 2024-11-21 6.9 MEDIUM 7.0 HIGH
The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator.
CVE-2008-4929 1 Mybb 1 Mybb 2024-11-21 5.0 MEDIUM 7.5 HIGH
MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to compose filenames of uploaded files used as attachments, which makes it easier for remote attackers to read these files by guessing filenames.
CVE-2008-4905 1 Typosphere 1 Typo 2024-11-21 5.0 MEDIUM 7.5 HIGH
Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it easier for attackers to guess passwords via a brute force attack.
CVE-2008-3612 1 Apple 1 Iphone Os 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection.
CVE-2008-2433 1 Trendmicro 3 Client Server Messaging Suite, Officescan, Worry-free Business Security 2024-11-21 7.5 HIGH 9.8 CRITICAL
The web management console in Trend Micro OfficeScan 7.0 through 8.0, Worry-Free Business Security 5.0, and Client/Server/Messaging Suite 3.5 and 3.6 creates a random session token based only on the login time, which makes it easier for remote attackers to hijack sessions via brute-force attacks. NOTE: this can be leveraged for code execution through an unspecified "manipulation of the configuration."
CVE-2008-2020 8 E107, Labgab, My123tkshop and 5 more 8 E107, Labgab, E-commerce-suite and 5 more 2024-11-21 6.8 MEDIUM 7.5 HIGH
The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings.
CVE-2008-0141 1 Webportal Cms Project 1 Webportal Cms 2024-11-21 7.5 HIGH 7.5 HIGH
actions.php in WebPortal CMS 0.6-beta generates predictable passwords containing only the time of day, which makes it easier for remote attackers to obtain access to any account via a lostpass action.
CVE-2008-0087 1 Microsoft 4 Windows 2000, Windows Server 2003, Windows Vista and 1 more 2024-11-21 8.8 HIGH 7.5 HIGH
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
CVE-2024-10082 2024-11-06 N/A 8.7 HIGH
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication method confusion allows logging in as the built-in root user from an external service. The built-in root user up until 6.24.1 is generated in a weak manner, cannot be disabled, and has universal access.This vulnerability allows an attacker who can create an account on an enabled external authentication service, to log in as the root user, and access and control everything that can be controlled via the web interface. The attacker needs to acquire the username of the root user to be successful. This issue affects CodeChecker: through 6.24.1.
CVE-2024-20331 1 Cisco 2 Adaptive Security Appliance Software, Firepower Threat Defense Software 2024-11-01 N/A 5.9 MEDIUM
A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to prevent users from authenticating. This vulnerability is due to insufficient entropy in the authentication process. An attacker could exploit this vulnerability by determining the handle of an authenticating user and using it to terminate their authentication session. A successful exploit could allow the attacker to force a user to restart the authentication process, preventing a legitimate user from establishing remote access VPN sessions.
CVE-2024-47188 1 Oisf 1 Suricata 2024-10-22 N/A 7.5 HIGH
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to byte-range tracking having predictable hash table behavior. This can lead to an attacker forcing lots of data into a single hash bucket, leading to severe performance degradation. This issue has been addressed in 7.0.7.
CVE-2024-47187 1 Oisf 1 Suricata 2024-10-22 N/A 7.5 HIGH
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.7, missing initialization of the random seed for "thash" leads to datasets having predictable hash table behavior. This can lead to dataset file loading to use excessive time to load, as well as runtime performance issues during traffic handling. This issue has been addressed in 7.0.7. As a workaround, avoid loading datasets from untrusted sources. Avoid dataset rules that track traffic in rules.
CVE-2024-41708 2024-09-26 N/A 7.5 HIGH
An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module.
CVE-2024-42165 1 Fiware 1 Keyrock 2024-08-29 N/A 5.4 MEDIUM
Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link.