CVE-2024-36048

CRITICAL Year: 2024
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-335
View all →

Vulnerability Description

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values.

Related Vulnerabilities

CVE-2012-1577

CRITICAL
CVSS:9.8(Critical)

lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.

CWE-3352012

CVE-2017-11519

CRITICAL
CVSS:9.8(Critical)

passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.

CWE-3352017

CVE-2019-10908

CRITICAL
CVSS:9.8(Critical)

In Airsonic 10.2.1, RecoverController.java generates passwords via org.apache.commons.lang.RandomStringUtils, which uses java.util.Random internally. This PRNG has a 48-bit seed that can easily be bru...

CWE-3352019

CVE-2019-11495

CRITICAL
CVSS:9.8(Critical)

In Couchbase Server 5.1.1, the cookie used for intra-node communication was not generated securely. Couchbase Server uses erlang:now() to seed the PRNG which results in a small search space for potent...

CWE-3352019

CVE-2023-4472

CRITICAL
CVSS:9.8(Critical)

Objectplanet Opinio version 7.22 and prior uses a cryptographically weak pseudo-random number generator (PRNG) coupled to a predictable seed, which could lead to an unauthenticated account takeover of...

CWE-3352023

CVE-2018-1426

CRITICAL
CVSS:9.1(Critical)

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Se...

CWE-3352018