Skip to main content

CWE-334

Small Space of Random Values

9 CVEs Avg CVSS 7.1 MITRE
2
CRITICAL
3
HIGH
4
MEDIUM
0
LOW
1
POC
0
KEV

Monthly

CVE-2024-54017 MEDIUM CISA This Month

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siprotec 5 6Md84 Cp300 Siprotec 5 6Md85 Cp200 Siprotec 5 6Md85 Cp300 Siprotec 5 6Md86 Cp200 +59
NVD VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2025-3895 CRITICAL Act Now

Token used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
9.1
EPSS
0.6%
CVE-2024-52616 MEDIUM This Month

A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-39979 CRITICAL Act Now

There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mxsecurity
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2022-20941 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Secure Firewall Management Center
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2022-33707 MEDIUM This Month

Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker to identify the device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Find My Mobile
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-22517 HIGH This Week

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Control For Beaglebone Sl Control For Beckhoff Cx9020 Control For Empc A Imx6 Sl Control For Iot2000 Sl +16
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2021-21955 HIGH POC This Week

An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eufy Homebase 2 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2020-7566 HIGH This Week

A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M221 Firmware
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V11.0), SIPROTEC 5. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siprotec 5 6Md84 Cp300 Siprotec 5 6Md85 Cp200 +61
NVD VulDB
EPSS 1% CVSS 9.1
CRITICAL Act Now

Token used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mxsecurity
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to access sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cisco Secure Firewall Management Center
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker to identify the device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Find My Mobile
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Control For Beaglebone Sl Control For Beckhoff Cx9020 +18
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eufy Homebase 2 Firmware
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modicon M221 Firmware
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy