Vulnerabilities > Insufficient Entropy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-06 | CVE-2023-26154 | Insufficient Entropy vulnerability in Pubnub products Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. | 5.9 |
| 2023-11-30 | CVE-2023-31176 | Insufficient Entropy vulnerability in Selinc Sel-451 Firmware An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details. | 9.8 |
| 2023-10-25 | CVE-2023-31582 | Insufficient Entropy vulnerability in Jose4J Project Jose4J jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. | 7.5 |
| 2023-08-24 | CVE-2023-34973 | Insufficient Entropy vulnerability in Qnap QTS and Quts Hero An insufficient entropy vulnerability has been reported to affect QNAP operating systems. | 5.3 |
| 2023-08-01 | CVE-2023-38357 | Insufficient Entropy vulnerability in RWS Worldserver 11.7.3 Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions. | 5.3 |
| 2023-06-20 | CVE-2023-3325 | Insufficient Entropy vulnerability in Cmscommander CMS Commander The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. | 9.8 |
| 2023-03-23 | CVE-2023-20107 | Insufficient Entropy vulnerability in Cisco Adaptive Security Appliance A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. | 7.5 |
| 2022-12-27 | CVE-2021-4238 | Insufficient Entropy vulnerability in Goutils Project Goutils 1.0.0/1.0.1/1.1.0 Randomly-generated alphanumeric strings contain significantly less entropy than expected. | 9.1 |
| 2022-09-20 | CVE-2022-34746 | Insufficient Entropy vulnerability in Zyxel products An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. | 5.9 |
| 2022-08-15 | CVE-2022-33989 | Insufficient Entropy vulnerability in Dproxy-Nexgen Project Dproxy-Nexgen dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot time) in upstream queries sent to DNS resolvers. | 5.3 |