Vulnerabilities > Insufficient Entropy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-02 | CVE-2018-9426 | Insufficient Entropy vulnerability in Google Android In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. | 7.5 |
| 2024-10-23 | CVE-2024-20331 | Insufficient Entropy vulnerability in Cisco Adaptive Security Appliance Software A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to prevent users from authenticating. This vulnerability is due to insufficient entropy in the authentication process. | 5.9 |
| 2024-10-15 | CVE-2024-47945 | Insufficient Entropy vulnerability in Rittal products The devices are vulnerable to session hijacking due to insufficient entropy in its session ID generation algorithm. | 9.8 |
| 2024-10-03 | CVE-2023-37822 | Insufficient Entropy vulnerability in Eufy Homebase 2 Firmware The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. | 8.2 |
| 2024-09-17 | CVE-2024-8796 | Insufficient Entropy vulnerability in Tinfoilsecurity Devise-Two-Factor Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. | 5.3 |
| 2024-09-10 | CVE-2024-38270 | Insufficient Entropy vulnerability in Zyxel products An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0. | 6.5 |
| 2024-06-04 | CVE-2024-36400 | Insufficient Entropy vulnerability in VIZ Nano ID nano-id is a unique string ID generator for Rust. | 9.8 |
| 2024-02-21 | CVE-2024-22473 | Insufficient Entropy vulnerability in Silabs Gecko Software Development KIT TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. | 7.5 |
| 2024-02-13 | CVE-2024-25407 | Insufficient Entropy vulnerability in Steve Project Steve 3.6.0 SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. | 7.5 |
| 2023-12-21 | CVE-2023-46648 | Insufficient Entropy vulnerability in Github Enterprise Server An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. | 7.5 |