Total
340 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-27630 | 1 Silabs | 1 Uc\/tcp-ip | 2024-11-21 | 9.8 Critical |
| In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. | ||||
| CVE-2020-27556 | 1 Basetech | 2 Ge-131 Bt-1837836, Ge-131 Bt-1837836 Firmware | 2024-11-21 | 5.3 Medium |
| A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device. | ||||
| CVE-2020-27264 | 1 Sooil | 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more | 2024-11-21 | 8.8 High |
| In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy. | ||||
| CVE-2020-27213 | 1 Ethernut | 1 Nut\/os | 2024-11-21 | 7.5 High |
| An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator seems to adhere to RFC 793 (where a global 32-bit counter is incremented roughly every 4 microseconds), proper ISN generation should aim to follow at least the specifications outlined in RFC 6528. | ||||
| CVE-2020-27180 | 1 Konzept-ix | 1 Publixone | 2024-11-21 | 7.5 High |
| konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter. | ||||
| CVE-2020-26550 | 1 Aviatrix | 1 Controller | 2024-11-21 | 7.5 High |
| An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key. | ||||
| CVE-2020-26107 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 High |
| cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561). | ||||
| CVE-2020-25705 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux, Rhel Aus and 4 more | 2024-11-21 | 7.4 High |
| A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version | ||||
| CVE-2020-1905 | 1 Whatsapp | 1 Whatsapp | 2024-11-21 | 3.3 Low |
| Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen to open the file to guess the URIs for previously opened attachments until the opener app is terminated. | ||||
| CVE-2020-1759 | 3 Fedoraproject, Linuxfoundation, Redhat | 5 Fedora, Ceph, Ceph Storage and 2 more | 2024-11-21 | 6.4 Medium |
| A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. | ||||
| CVE-2020-1731 | 1 Redhat | 1 Keycloak Operator | 2024-11-21 | 9.1 Critical |
| A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift namespace. | ||||
| CVE-2020-17470 | 1 Butok | 1 Fnet | 2024-11-21 | 5.3 Medium |
| An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks. | ||||
| CVE-2020-16271 | 1 Kee | 1 Keepassrpc | 2024-11-21 | 9.1 Critical |
| The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection. | ||||
| CVE-2020-16166 | 8 Canonical, Debian, Fedoraproject and 5 more | 18 Ubuntu Linux, Debian Linux, Fedora and 15 more | 2024-11-21 | 3.7 Low |
| The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. | ||||
| CVE-2020-15023 | 1 Askey | 2 Ap5100w, Ap5100w Firmware | 2024-11-21 | 5.9 Medium |
| Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted (and even failed) WPS authentication attempt, it is possible to brute force the overall authentication exchange. This allows an attacker to obtain the recovered WPS PIN in minutes or even seconds, and eventually obtain the Wi-Fi PSK key, gaining access to the Wi=Fi network. | ||||
| CVE-2020-14423 | 1 Convos | 1 Convos | 2024-11-21 | 5.3 Medium |
| Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOS_LOCAL_SECRET value, affecting password resets and invitations. | ||||
| CVE-2020-14422 | 5 Fedoraproject, Opensuse, Oracle and 2 more | 6 Fedora, Leap, Enterprise Manager Ops Center and 3 more | 2024-11-21 | 5.9 Medium |
| Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2. | ||||
| CVE-2020-13860 | 1 Mofinetwork | 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password. | ||||
| CVE-2020-13817 | 5 Fujitsu, Netapp, Ntp and 2 more | 41 M10-1, M10-1 Firmware, M10-4 and 38 more | 2024-11-21 | 7.4 High |
| ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time change) by predicting transmit timestamps for use in spoofed packets. The victim must be relying on unauthenticated IPv4 time sources. There must be an off-path attacker who can query time from the victim's ntpd instance. | ||||
| CVE-2020-13304 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.8 Low |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Same 2 factor Authentication secret code was generated which resulted an attacker to maintain access under certain conditions. | ||||