CVE-2024-25407

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-331
View all →

Vulnerability Description

SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions.

Related Vulnerabilities

CVE-2001-0950

HIGH
CVSS:7.5(High)

ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generat...

CWE-3312001

CVE-2015-3405

HIGH
CVSS:7.5(High)

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is betwee...

CWE-3312015

CVE-2015-7764

HIGH
CVSS:7.5(High)

Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.

CWE-3312015

CVE-2015-8851

HIGH
CVSS:7.5(High)

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

CWE-3312015

CVE-2018-15812

HIGH
CVSS:7.5(High)

DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.

CWE-3312018

CVE-2018-18326

HIGH
CVSS:7.5(High)

DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15...

CWE-3312018