Total: 340 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2020-8988 | 1 Voatz | 1 Voatz | 2024-11-21 | 5.9 Medium | The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers (after using root access to make a copy of the local database) to discover login credentials and voting history via an offline brute-force approach.
CVE-2020-8792 | 1 Oklok Project | 1 Oklok | 2024-11-21 | 5.3 Medium | The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is bound, as well as the name of the lock. Valid barcode inputs can be easily guessed because barcode strings follow a predictable pattern. Correctly guessed valid barcode inputs entered through the app interface disclose arbitrary users' email addresses and lock names.
CVE-2020-8632 | 4 Canonical, Debian, Opensuse and 1 more | 4 Cloud-init, Debian Linux, Leap and 1 more | 2024-11-21 | 5.5 Medium | In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.
CVE-2020-8631 | 4 Canonical, Debian, Opensuse and 1 more | 4 Cloud-init, Debian Linux, Leap and 1 more | 2024-11-21 | 5.5 Medium | cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.
CVE-2020-7548 | 1 Schneider-electric | 14 Acti9 Powertag Link, Acti9 Powertag Link Firmware, Acti9 Powertag Link Hd and 11 more | 2024-11-21 | 9.8 Critical | A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login.
CVE-2020-7241 | 1 Wpseeds | 1 Wp Database Backup | 2024-11-21 | 7.5 High | The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL.
CVE-2020-5408 | 2 Pivotal Software, Vmware | 2 Spring Security, Spring Security | 2024-11-21 | 6.5 Medium | Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack.
CVE-2020-5365 | 1 Dell | 1 Emc Isilon Onefs | 2024-11-21 | 5.3 Medium | Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable.
CVE-2020-4188 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 5.3 Medium | IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. IBM X-Force ID: 174807.
CVE-2020-36252 | 1 Owncloud | 1 Owncloud | 2024-11-21 | 6.8 Medium | ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.
CVE-2020-35926 | 1 Nanorand Project | 1 Nanorand | 2024-11-21 | 9.8 Critical | An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled.
CVE-2020-35685 | 2 Hcc-embedded, Siemens | 5 Nichestack, Sentron 3wa Com190, Sentron 3wa Com190 Firmware and 2 more | 2024-11-21 | 9.1 Critical | An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.)
CVE-2020-35163 | 2 Dell, Oracle | 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more | 2024-11-21 | 5.3 Medium | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.
CVE-2020-2099 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 8.6 High | Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents.
CVE-2020-27743 | 1 Pam Tacplus Project | 1 Pam Tacplus | 2024-11-21 | 9.8 Critical | libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id.
CVE-2020-27636 | 1 Microchip | 1 Mplab Network Creator | 2024-11-21 | 9.1 Critical | In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random.
CVE-2020-27635 | 1 Capgemini | 1 Picotcp | 2024-11-21 | 9.1 Critical | In PicoTCP 1.7.0, TCP ISNs are improperly random.
CVE-2020-27634 | 1 Contiki-ng | 1 Contiki-ng | 2024-11-21 | 9.1 Critical | In Contiki 4.5, TCP ISNs are improperly random.
CVE-2020-27633 | 1 Butok | 1 Fnet | 2024-11-21 | 9.1 Critical | In FNET 4.6.3, TCP ISNs are improperly random.
CVE-2020-27631 | 1 Oryx-embedded | 1 Cyclonetcp | 2024-11-21 | 9.8 Critical | In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random.