Vulnerabilities > Insufficient Entropy

DATE CVE VULNERABILITY TITLE RISK
2024-01-10 CVE-2023-49599 Insufficient Entropy vulnerability in Wwbn Avideo 15Fed957Fb
An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb.
network
low complexity
wwbn CWE-331
critical
9.8
2023-12-21 CVE-2023-46648 Insufficient Entropy vulnerability in Github Enterprise Server
An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console.
network
high complexity
github CWE-331
7.5
2023-12-06 CVE-2023-26154 Insufficient Entropy vulnerability in Pubnub products
Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm.
network
high complexity
pubnub CWE-331
5.9
2023-11-30 CVE-2023-31176 Insufficient Entropy vulnerability in Selinc Sel-451 Firmware
An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication.  See product Instruction Manual Appendix A dated 20230830 for more details.
network
low complexity
selinc CWE-331
critical
9.8
2023-10-25 CVE-2023-31582 Insufficient Entropy vulnerability in Jose4J Project Jose4J
jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.
network
low complexity
jose4j-project CWE-331
7.5
2023-08-24 CVE-2023-34973 Insufficient Entropy vulnerability in Qnap QTS and Quts Hero
An insufficient entropy vulnerability has been reported to affect QNAP operating systems.
network
low complexity
qnap CWE-331
5.3
2023-08-01 CVE-2023-38357 Insufficient Entropy vulnerability in RWS Worldserver 11.7.3
Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions.
network
low complexity
rws CWE-331
5.3
2023-07-03 CVE-2023-36610 Insufficient Entropy vulnerability in Ovarro products
?The affected TBox RTUs generate software security tokens using insufficient entropy.
network
high complexity
ovarro CWE-331
5.9
2023-06-20 CVE-2023-3325 Insufficient Entropy vulnerability in Cmscommander CMS Commander
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287.
network
low complexity
cmscommander CWE-331
critical
9.8
2023-02-07 CVE-2022-43755 Insufficient Entropy vulnerability in Suse Rancher
A Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed.
network
low complexity
suse CWE-331
critical
9.8