Vulnerabilities > Insufficient Entropy
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-19 | CVE-2021-3505 | Insufficient Entropy vulnerability in multiple products A flaw was found in libtpms in versions before 0.8.0. | 5.5 |
2020-07-15 | CVE-2020-10285 | Insufficient Entropy vulnerability in Ufactory Xarm 5 Lite Firmware 1.5.0 The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. | 7.5 |
2020-06-19 | CVE-2017-18883 | Insufficient Entropy vulnerability in Mattermost Server An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. | 6.4 |
2020-06-09 | CVE-2020-11957 | Insufficient Entropy vulnerability in Cypress Psoc 4.2 BLE The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4.2 component versions before 3.64 generates a random number (Pairing Random) with significantly less entropy than the specified 128 bits during BLE pairing. | 5.4 |
2020-05-08 | CVE-2020-12735 | Insufficient Entropy vulnerability in Domainmod 4.13.0 reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover. | 7.5 |
2020-03-27 | CVE-2020-1773 | Insufficient Entropy vulnerability in Otrs An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, password reset tokens and automatically generated passwords. | 8.1 |
2020-02-28 | CVE-2015-3006 | Insufficient Entropy vulnerability in Juniper Junos On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. | 6.8 |
2020-02-28 | CVE-2019-10064 | Insufficient Entropy vulnerability in multiple products hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. | 5.0 |
2020-01-30 | CVE-2015-8851 | Insufficient Entropy vulnerability in Node-Uuid Project Node-Uuid node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing. | 5.0 |
2019-11-04 | CVE-2013-2260 | Insufficient Entropy vulnerability in Cryptocat Project Cryptocat Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness | 5.0 |