Total
311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0466 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to track a device. This could lead to remote information disclosure to a proximal attacker, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-154114734 | |||||
| CVE-2021-0417 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In memory management driver, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05336702. | |||||
| CVE-2021-0375 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In onPackageModified of VoiceInteractionManagerService.java, there is a possible change of default applications due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-167261484 | |||||
| CVE-2020-9502 | 1 Dahuasecurity | 40 Ipc-hdbw1320e-w, Ipc-hdbw1320e-w Firmware, Ipc-hx2xxx and 37 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device. | |||||
| CVE-2020-9449 | 1 Justblab | 4 Blab\! Ax, Blab\! Ax Pro, Blab\! Ws and 1 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin. | |||||
| CVE-2020-8988 | 1 Voatz | 1 Voatz | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it easier for attackers (after using root access to make a copy of the local database) to discover login credentials and voting history via an offline brute-force approach. | |||||
| CVE-2020-8792 | 1 Oklok Project | 1 Oklok | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is bound, as well as the name of the lock. Valid barcode inputs can be easily guessed because barcode strings follow a predictable pattern. Correctly guessed valid barcode inputs entered through the app interface disclose arbitrary users' email addresses and lock names. | |||||
| CVE-2020-8631 | 3 Canonical, Debian, Opensuse | 3 Cloud-init, Debian Linux, Leap | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function. | |||||
| CVE-2020-7548 | 1 Schneider-electric | 14 Acti9 Powertag Link, Acti9 Powertag Link Firmware, Acti9 Powertag Link Hd and 11 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login. | |||||
| CVE-2020-7241 | 1 Wpseeds | 1 Wp Database Backup | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL. | |||||
| CVE-2020-5408 | 2 Pivotal Software, Vmware | 2 Spring Security, Spring Security | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack. | |||||
| CVE-2020-5365 | 1 Dell | 1 Emc Isilon Onefs | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable. | |||||
| CVE-2020-4188 | 1 Ibm | 1 Security Guardium | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Guardium 10.6 and 11.1 may use insufficiently random numbers or values in a security context that depends on unpredictable numbers. IBM X-Force ID: 174807. | |||||
| CVE-2020-35926 | 1 Nanorand Project | 1 Nanorand | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the nanorand crate before 0.5.1 for Rust. It caused any random number generator (even ChaCha) to return all zeroes because integer truncation was mishandled. | |||||
| CVE-2020-35685 | 2 Hcc-embedded, Siemens | 5 Nichestack, Sentron 3wa Com190, Sentron 3wa Com190 Firmware and 2 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in HCC Nichestack 3.0. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. (Proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.) | |||||
| CVE-2020-35163 | 2 Dell, Oracle | 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more | 2024-11-21 | 7.5 HIGH | 5.3 MEDIUM |
| Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability. | |||||
| CVE-2020-2099 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents. | |||||
| CVE-2020-27743 | 1 Pam Tacplus Project | 1 Pam Tacplus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id. | |||||
| CVE-2020-27636 | 1 Microchip | 1 Mplab Network Creator | 2024-11-21 | N/A | 9.1 CRITICAL |
| In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random. | |||||
| CVE-2020-27635 | 1 Capgemini | 1 Picotcp | 2024-11-21 | N/A | 9.1 CRITICAL |
| In PicoTCP 1.7.0, TCP ISNs are improperly random. | |||||