6 matches found
CVE-2022-30782
Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers...
CVE-2022-26779 Apache Cloudstack insecure random number generation affects project email invitation
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate...
CVE-2020-25232
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port...
Design/Logic Flaw
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port...
CVE-2020-9449
An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS client, and BlaB! WS Pro client version 19.11 allows an attacker with a guest or user session cookie to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitra...
CVE-2018-15795
Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service...