Vulnerabilities > Insufficient Entropy
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-24 | CVE-2019-15703 | Insufficient Entropy vulnerability in Fortinet Fortios An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only. | 2.6 |
2019-09-02 | CVE-2019-15847 | Insufficient Entropy vulnerability in GNU GCC The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. | 5.0 |
2019-08-09 | CVE-2019-14806 | Insufficient Entropy vulnerability in multiple products Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id. | 7.5 |
2019-07-03 | CVE-2018-18326 | Insufficient Entropy vulnerability in Dnnsoftware Dotnetnuke DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. | 7.5 |
2019-07-03 | CVE-2018-15812 | Insufficient Entropy vulnerability in Dnnsoftware Dotnetnuke 9.2/9.2.0/9.2.1 DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy. | 7.5 |
2019-03-05 | CVE-2019-9555 | Insufficient Entropy vulnerability in Sagemcom F@St 5260 Firmware 0.4.39 Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. | 5.0 |
2018-09-13 | CVE-2018-8435 | Insufficient Entropy vulnerability in Microsoft Windows 10 and Windows Server 2016 A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | 2.3 |
2018-07-27 | CVE-2017-2626 | Insufficient Entropy vulnerability in multiple products It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. | 5.5 |
2018-07-27 | CVE-2017-2625 | Insufficient Entropy vulnerability in multiple products It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. | 5.5 |
2018-07-09 | CVE-2018-1000620 | Insufficient Entropy vulnerability in Cryptiles Project Cryptiles 4.1.1 Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. | 5.0 |