Fallos del tipo CWE-338

125 resultados
CVE-2024-29868CRITICALApache StreamPipes, Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token GenerationEPSS 6.0%CVE-2024-31497MEDIUMIn PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quiEPSS 5.8%CVE-2021-43799HIGHRabbitMQ exposes ports with weak default secrets in Zulip ServerEPSS 5.4%CVE-2008-3280It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable RandEPSS 4.0%CVE-2017-9230HIGHThe Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initiaEPSS 3.3%CVE-2021-3538A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7EPSS 2.3%CVE-2022-35255CRITICALA weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGeEPSS 1.9%CVE-2019-5440Use of cryptographically weak PRNG in the password recovery token generation of Revive Adserver < v4.2.1 causes a potential authentication bEPSS 1.6%CVE-2014-2362OleumTech WIO Use of Cryptographically Weak Pseudo-Random Number GeneratorEPSS 1.6%CVE-2022-29245MEDIUMWeak private key generation in SSH.NETEPSS 1.4%CVE-2024-38353MEDIUMCodiMD - Missing Image Access Controls and Unauthorized Image AccessEPSS 1.2%CVE-2022-20817HIGHCisco IP Phone Duplicate Key VulnerabilityEPSS 1.1%CVE-2021-3678HIGHUse of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in star7th/showdocEPSS 1.1%CVE-2011-4574PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the pEPSS 1.1%CVE-2021-34430Eclipse TinyDTLS through 0.9-rc1 relies on the rand function in the C library, which makes it easier for remote attackers to compute the masEPSS 1.0%CVE-2022-36045CRITICALAccount takeover via cryptographically weak PRNG in NodeBB ForumEPSS 1.0%CVE-2024-40762CRITICALUse of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain caEPSS 1.0%CVE-2023-45237MEDIUMUse of a Weak PseudoRandom Number Generator in EDK II Network PackageEPSS 1.0%CVE-2023-48224HIGHCryptographically Weak Generation of One-Time Codes for Identity Verification in ethyca-fidesEPSS 1.0%CVE-2023-31290MEDIUMTrust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 3EPSS 1.0%