Vulnerabilities > Insufficient Entropy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-12 | CVE-2014-8422 | Insufficient Entropy vulnerability in Unify Openscape Desk Phone IP SIP and Openstage SIP The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes it easier for remote attackers to hijack sessions via a brute-force attack. | 8.1 |
| 2017-10-24 | CVE-2014-0691 | Insufficient Entropy vulnerability in Cisco Webex Meetings Server 1.0 Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, aka Bug ID CSCuc79643. | 7.3 |
| 2017-10-05 | CVE-2017-13992 | Insufficient Entropy vulnerability in Loytec Lvis-3Me Firmware 6.1.1 An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. | 8.1 |
| 2017-08-09 | CVE-2015-7764 | Insufficient Entropy vulnerability in Netflix Lemur 0.1.4 Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode. | 7.5 |
| 2017-08-09 | CVE-2015-3405 | Insufficient Entropy vulnerability in multiple products ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys. | 7.5 |
| 2017-06-30 | CVE-2017-6030 | Insufficient Entropy vulnerability in Schneider-Electric products A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. | 6.5 |
| 2017-06-22 | CVE-2017-0897 | Insufficient Entropy vulnerability in Expressionengine ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. | 7.5 |
| 2017-04-23 | CVE-2016-2564 | Insufficient Entropy vulnerability in Invisioncommunity Invision Power Board Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. | 5.9 |
| 2016-04-07 | CVE-2016-2858 | Insufficient Entropy vulnerability in multiple products QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption. | 6.5 |
| 2008-07-08 | CVE-2008-1447 | Insufficient Entropy vulnerability in ISC Bind 4/8/9.2.9 The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug." | 6.8 |