Weaknesses of type CWE-330

148 results
CVE-2017-6026A Use of Insufficiently Random Values issue was discovered in Schneider Electric Modicon PLCs Modicon M241, firmware versions prior to VersiEPSS 31.8%CVE-2018-17888NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the activeEPSS 29.6%CVE-2021-20322A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allEPSS 6.9%CVE-2020-25705A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attackeEPSS 6.7%CVE-2016-10180HIGHAn issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.EPSS 4.4%CVE-2020-13817HIGHntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote attackers to cause a denial of service (daemon exit or system time changeEPSS 4.1%CVE-2017-0897ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the toEPSS 4.0%CVE-2023-29332HIGHMicrosoft Azure Kubernetes Service Elevation of Privilege VulnerabilityEPSS 2.8%CVE-2019-6821CWE-330: Use of Insufficiently Random Values vulnerability, which could cause the hijacking of the TCP connection when using Ethernet communEPSS 1.9%CVE-2019-3795LOWInsecure Randomness When Using a SecureRandom Instance Constructed by Spring SecurityEPSS 1.9%CVE-2018-1108MEDIUMkernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, earlEPSS 1.8%CVE-2025-7783CRITICALUsage of unsafe random function in form-data for choosing boundaryEPSS 1.7%CVE-2025-6931MEDIUMD-Link DCS-6517/DCS-7517 Root Password Generation httpd generate_pass_from_mac entropyEPSS 1.6%CVE-2020-11877HIGHairhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. NOTE: theEPSS 1.5%CVE-2021-32791MEDIUMHardcoded static IV and AAD with a reused key in AES GCM encryption in mod_auth_openidcEPSS 1.5%CVE-2018-18602CRITICALThe Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring.EPSS 1.4%CVE-2020-7548A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notificEPSS 1.4%CVE-2021-21352MEDIUMPredictable tokens used for password resetsEPSS 1.4%CVE-2013-4734HIGHdasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 geEPSS 1.4%CVE-2022-25752A vulnerability has been identified in SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE XEPSS 1.4%