Total
29 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-11616 | 2 Intel, Nvidia | 2 Bmc Firmware, Dgx-1 | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information disclosure. | |||||
CVE-2020-28597 | 1 Epignosishq | 1 Efront | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice. | |||||
CVE-2021-27211 | 1 Steghide Project | 1 Steghide | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data. | |||||
CVE-2020-13784 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. | |||||
CVE-2012-1577 | 3 Debian, Dietlibc Project, Openbsd | 3 Debian Linux, Dietlibc, Openbsd | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0. | |||||
CVE-2018-12384 | 1 Mozilla | 1 Network Security Services | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3. | |||||
CVE-2018-1426 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071. | |||||
CVE-2017-11519 | 1 Tp-link | 2 Archer C9 \(2.0\), Archer C9 \(2.0\) Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511. | |||||
CVE-2017-5214 | 1 Codextrous | 1 B2j Contact | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of a time value. This makes it easier to read arbitrary uploaded files. |