How severe is CVE-2023-31305?

This vulnerability has a severity rating of LOW with a CVSS score of 1.9 out of 10.

What type of vulnerability is CVE-2023-31305?

This is classified as CWE-338, which is a common weakness in software security.

CVE-2023-31305

LOW Year: 2023

CVSS v3 Score

1.9

Low

Weakness Type

CWE-338

View all →

Vulnerability Description

Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure.

CVE-2022-48506

LOW

CVSS:2.4(Low)

A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were ca...

CWE-3382022

CVE-2021-3047

LOW

CVSS:3.1(Low)

A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability...

CWE-3382021

CVE-2025-46653

LOW

CVSS:3.1(Low)

Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographica...

CWE-3382025

CVE-2019-11808

LOW

CVSS:3.7(Low)

Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. This means that if an attacker can determine a small window for the server start...

CWE-3382019

CVE-2009-2367

CRITICAL

CVSS:9.8(Critical)

cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the sess...

CWE-3382009

CVE-2011-4574