CVE-2024-55566

MEDIUM Year: 2024
CVSS v3 Score
6.6
Medium
Weakness Type
CWE-335
View all →

Vulnerability Description

ColPack 1.0.10 through 9a7293a has a predictable temporary file (located under /tmp with a name derived from an unseeded RNG). The impact can be overwriting files or making ColPack graphing unavailable to other users.

Related Vulnerabilities

CVE-2018-12384

MEDIUM
CVSS:5.9(Medium)

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2...

CWE-3352018

CVE-2016-10180

HIGH
CVSS:7.5(High)

An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.

CWE-3352016

CVE-2017-5214

HIGH
CVSS:7.5(High)

The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of a time value. This makes it easier to read arbitrary uploaded...

CWE-3352017

CVE-2019-25061

HIGH
CVSS:7.5(High)

The random_password_generator (aka RandomPasswordGenerator) gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction.

CWE-3352019

CVE-2020-13784

HIGH
CVSS:7.5(High)

D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.

CWE-3352020

CVE-2020-7010

HIGH
CVSS:7.5(High)

Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deploy...

CWE-3352020