Vulnerabilities > Insufficient Entropy

DATE CVE VULNERABILITY TITLE RISK
2019-10-24 CVE-2019-15703 Insufficient Entropy vulnerability in Fortinet Fortios
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below, on devices that do not enable the hardware TRNG token and models that do not support a built-in TRNG seed, allows an attacker to theoretically recover the long-term ECDSA secret in a TLS client with an RSA handshake and mutual ECDSA authentication with the help of flush+reload side-channel attacks, in FortiGate VM models only.
network
low complexity
fortinet CWE-331
7.5
2019-09-02 CVE-2019-15847 Insufficient Entropy vulnerability in multiple products
The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator.
network
low complexity
gnu opensuse CWE-331
7.5
2019-08-09 CVE-2019-14806 Insufficient Entropy vulnerability in multiple products
Pallets Werkzeug before 0.15.3, when used with Docker, has insufficient debugger PIN randomness because Docker containers share the same machine id.
network
low complexity
palletsprojects opensuse CWE-331
7.5
2019-07-03 CVE-2018-18326 Insufficient Entropy vulnerability in Dnnsoftware Dotnetnuke
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy.
network
low complexity
dnnsoftware CWE-331
7.5
2019-07-03 CVE-2018-15812 Insufficient Entropy vulnerability in Dnnsoftware Dotnetnuke 9.2/9.2.0/9.2.1
DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.
network
low complexity
dnnsoftware CWE-331
7.5
2019-03-05 CVE-2019-9555 Insufficient Entropy vulnerability in Sagemcom F@St 5260 Firmware 0.4.39
Sagemcom F@st 5260 routers using firmware version 0.4.39, in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy.
network
low complexity
sagemcom CWE-331
5.3
2018-09-13 CVE-2018-8435 Insufficient Entropy vulnerability in Microsoft Windows 10 and Windows Server 2016
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
high complexity
microsoft CWE-331
4.2
2018-07-09 CVE-2018-1000620 Insufficient Entropy vulnerability in Cryptiles Project Cryptiles 4.1.1
Eran Hammer cryptiles version 4.1.1 and earlier contains a CWE-331: Insufficient Entropy vulnerability in the randomDigits() method that can result in an attacker being more likely to be able to brute force something that was supposed to be random.
network
low complexity
cryptiles-project CWE-331
critical
9.8
2018-05-16 CVE-2018-10240 Insufficient Entropy vulnerability in Solarwinds Serv-U
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie.
network
low complexity
solarwinds CWE-331
7.3
2018-04-12 CVE-2014-8422 Insufficient Entropy vulnerability in Unify Openscape Desk Phone IP SIP and Openstage SIP
The web-based management (WBM) interface in Unify (formerly Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack.
network
high complexity
unify CWE-331
8.1