CVE-2021-27393

MEDIUM Year: 2021
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-330
View all →

Vulnerability Description

A vulnerability has been identified in Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2013.08), Nucleus Source Code (Versions including affected DNS modules). The DNS client does not properly randomize UDP port numbers of DNS requests. That could allow an attacker to poison the DNS cache or spoof DNS resolving.

Related Vulnerabilities

CVE-2010-3666

MEDIUM
CVSS:5.3(Medium)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.

CWE-3302010

CVE-2015-9019

MEDIUM
CVSS:5.3(Medium)

In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs.

CWE-3302015

CVE-2017-1000246

MEDIUM
CVSS:5.3(Medium)

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

CWE-3302017

CVE-2017-13087

MEDIUM
CVSS:5.3(Medium)

Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows reinstallation of the Group Temporal Key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame, allowing...

CWE-3302017

CVE-2017-16028

MEDIUM
CVSS:5.3(Medium)

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).

CWE-3302017

CVE-2019-1010025

MEDIUM
CVSS:5.3(Medium)

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass...

CWE-3302019