Vulnerabilities > Insufficient Entropy

DATE CVE VULNERABILITY TITLE RISK
2019-10-24 CVE-2019-15703 Insufficient Entropy vulnerability in Fortinet Fortios
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only.
network
high complexity
fortinet CWE-331
2.6
2019-09-02 CVE-2019-15847 Insufficient Entropy vulnerability in GNU GCC
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator.
network
low complexity
gnu CWE-331
5.0
2019-08-09 CVE-2019-14806 Insufficient Entropy vulnerability in multiple products
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
network
low complexity
palletsprojects opensuse CWE-331
7.5
2019-07-03 CVE-2018-18326 Insufficient Entropy vulnerability in Dnnsoftware Dotnetnuke
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy.
network
low complexity
dnnsoftware CWE-331
7.5
2019-07-03 CVE-2018-15812 Insufficient Entropy vulnerability in Dnnsoftware Dotnetnuke 9.2/9.2.0/9.2.1
DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.
network
low complexity
dnnsoftware CWE-331
7.5
2019-03-05 CVE-2019-9555 Insufficient Entropy vulnerability in Sagemcom F@St 5260 Firmware 0.4.39
Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy.
network
low complexity
sagemcom CWE-331
5.0
2018-09-13 CVE-2018-8435 Insufficient Entropy vulnerability in Microsoft Windows 10 and Windows Server 2016
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
2.3
2018-07-27 CVE-2017-2626 Insufficient Entropy vulnerability in multiple products
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys.
local
low complexity
freedesktop redhat CWE-331
5.5
2018-07-27 CVE-2017-2625 Insufficient Entropy vulnerability in multiple products
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys.
local
low complexity
x-org redhat CWE-331
5.5
2018-07-09 CVE-2018-1000620 Insufficient Entropy vulnerability in Cryptiles Project Cryptiles 4.1.1
Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random..
network
low complexity
cryptiles-project CWE-331
5.0