Vulnerabilities > Insufficient Entropy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-30 | CVE-2023-31176 | Insufficient Entropy vulnerability in Selinc Sel-451 Firmware An Insufficient Entropy vulnerability in the Schweitzer Engineering Laboratories SEL-451 could allow an unauthenticated remote attacker to brute-force session tokens and bypass authentication. See product Instruction Manual Appendix A dated 20230830 for more details. | 9.8 |
| 2023-10-25 | CVE-2023-31582 | Insufficient Entropy vulnerability in Jose4J Project Jose4J jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. | 7.5 |
| 2023-08-24 | CVE-2023-34973 | Insufficient Entropy vulnerability in Qnap QTS and Quts Hero An insufficient entropy vulnerability has been reported to affect QNAP operating systems. | 5.3 |
| 2023-08-01 | CVE-2023-38357 | Insufficient Entropy vulnerability in RWS Worldserver 11.7.3 Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions. | 5.3 |
| 2023-06-20 | CVE-2023-3325 | Insufficient Entropy vulnerability in Cmscommander CMS Commander The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. | 9.8 |
| 2023-03-23 | CVE-2023-20107 | Insufficient Entropy vulnerability in Cisco Adaptive Security Appliance A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. | 7.5 |
| 2022-12-27 | CVE-2021-4238 | Insufficient Entropy vulnerability in Goutils Project Goutils 1.0.0/1.0.1/1.1.0 Randomly-generated alphanumeric strings contain significantly less entropy than expected. | 9.1 |
| 2022-09-20 | CVE-2022-34746 | Insufficient Entropy vulnerability in Zyxel products An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. | 5.9 |
| 2022-08-15 | CVE-2022-33989 | Insufficient Entropy vulnerability in Dproxy-Nexgen Project Dproxy-Nexgen dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot time) in upstream queries sent to DNS resolvers. | 5.3 |
| 2022-08-15 | CVE-2022-34294 | Insufficient Entropy vulnerability in Totd Project Totd 1.5.3 totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. | 9.8 |