CWE-334
13 CVEs classified under CWE-334. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-39979 | Critical | 9.8 | 2023-09-02 | There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the… |
CVE-2022-24402 | High | 8.8 | 2023-10-19 | The TETRA TEA1 keystream generator implements a key register initialization function that compresses the 80-bit key to only 32 bits for usage during the keystr… |
CVE-2021-21955 | High | 7.7 | 2021-12-09 | An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of the home_security binary of Anker Eufy Homebase 2 2.1.6.9h. Gen… |
CVE-2022-22517 | High | 7.5 | 2022-04-07 | An unauthenticated, remote attacker can disrupt existing communication channels between CODESYS products by guessing a valid channel ID and injecting packets… |
CVE-2020-7566 | High | 7.3 | 2020-11-19 | A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encrypti… |
CVE-2023-6951 | Medium | 6.6 | 2024-04-02 | A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key a… |
CVE-2024-54017 | Medium | 5.3 | 2026-05-12 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V11.0), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All… |
CVE-2024-52616 | Medium | 5.3 | 2024-11-21 | A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This p… |
CVE-2022-20941 | Medium | 5.3 | 2022-11-10 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to ac… |
CVE-2024-51720 | Medium | 4.8 | 2024-11-12 | An insufficient entropy vulnerability in the SecuSUITE Secure Client Authentication (SCA) Server of SecuSUITE versions 5.0.420 and earlier could allow an attac… |
CVE-2025-3895 | | 2025-05-23 | Token used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value. It allows an unauth… | |
CVE-2024-6890 | | 2024-08-07 | Password reset tokens are generated using an insecure source of randomness. Attackers who know the username of the Journyx installation user can bruteforce the… | |
CVE-2022-33707 | | 2022-07-11 | Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker to identify the device. |