Vulnerabilities > Insufficient Entropy

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2024-10-23 | CVE-2024-20331 | Insufficient Entropy vulnerability in Cisco Adaptive Security Appliance Software | A vulnerability in the session authentication functionality of the Remote Access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to prevent users from authenticating. This vulnerability is due to insufficient entropy in the authentication process. | network | high complexity | cisco | CWE-331 | 5.9 |
| 2024-10-15 | CVE-2024-47945 | Insufficient Entropy vulnerability in Rittal products | The devices are vulnerable to session hijacking due to insufficient entropy in their session ID generation algorithm. | network | low complexity | rittal | CWE-331 | 9.8 (critical) |
| 2024-10-03 | CVE-2023-37822 | Insufficient Entropy vulnerability in Eufy Homebase 2 Firmware | The Eufy Homebase 2 before firmware version 3.3.4.1h creates a dedicated wireless network for its ecosystem, which serves as a proxy to the end user's primary network. | | low complexity | eufy | CWE-331 | 8.2 |
| 2024-09-17 | CVE-2024-8796 | Insufficient Entropy vulnerability in Tinfoilsecurity Devise-Two-Factor | Under the default configuration, Devise-Two-Factor versions >= 2.2.0 & < 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. | network | high complexity | tinfoilsecurity | CWE-331 | 5.3 |
| 2024-09-10 | CVE-2024-38270 | Insufficient Entropy vulnerability in Zyxel products | An insufficient entropy vulnerability caused by the improper use of a randomness function with low entropy for web authentication tokens generation exists in the Zyxel GS1900-10HP firmware version V2.80(AAZI.0)C0. | | low complexity | zyxel | CWE-331 | 6.5 |
| 2024-06-04 | CVE-2024-36400 | Insufficient Entropy vulnerability in VIZ Nano ID | nano-id is a unique string ID generator for Rust. | network | low complexity | viz | CWE-331 | 9.8 (critical) |
| 2024-02-13 | CVE-2024-25407 | Insufficient Entropy vulnerability in Steve Project Steve 3.6.0 | SteVe v3.6.0 was discovered to use predictable transaction IDs when receiving a StartTransaction request. | network | low complexity | steve-project | CWE-331 | 7.5 |
| 2024-01-10 | CVE-2023-49599 | Insufficient Entropy vulnerability in WWBN AVideo 15fed957fb | An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. | network | low complexity | wwbn | CWE-331 | 9.8 (critical) |
| 2023-12-21 | CVE-2023-46648 | Insufficient Entropy vulnerability in GitHub Enterprise Server | An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. | network | high complexity | github | CWE-331 | 7.5 |
| 2023-12-06 | CVE-2023-26154 | Insufficient Entropy vulnerability in Pubnub products | Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. | network | high complexity | pubnub | CWE-331 | 5.9 |