Filtered by CWE-331
Filtered by vendor Subscriptions
Total 92 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-10064 2 Debian, W1.fi 2 Debian Linux, Hostapd 2024-11-21 7.5 High
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
CVE-2018-8435 1 Microsoft 2 Windows 10, Windows Server 2016 2024-11-21 N/A
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
CVE-2018-18326 1 Dnnsoftware 1 Dotnetnuke 2024-11-21 7.5 High
DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15812.
CVE-2018-15812 1 Dnnsoftware 1 Dotnetnuke 2024-11-21 7.5 High
DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.
CVE-2018-10240 1 Solarwinds 1 Serv-u 2024-11-21 N/A
SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token's value can be brute-forced by an attacker to obtain the corresponding session cookie and hijack the user's session.
CVE-2018-1000620 1 Cryptiles Project 1 Cryptiles 2024-11-21 9.8 Critical
Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.
CVE-2017-6030 1 Schneider-electric 6 Modicon M221, Modicon M221 Firmware, Modicon M241 and 3 more 2024-11-21 6.5 Medium
A Predictable Value Range from Previous Values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections.
CVE-2017-2626 2 Freedesktop, Redhat 7 Libice, Enterprise Linux, Enterprise Linux Desktop and 4 more 2024-11-21 N/A
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
CVE-2017-2625 2 Redhat, X.org 7 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2024-11-21 N/A
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.
CVE-2017-18883 1 Mattermost 1 Mattermost Server 2024-11-21 9.1 Critical
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.
CVE-2017-13992 1 Loytec 2 Lvis-3me, Lvis-3me Firmware 2024-11-21 N/A
An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution.
CVE-2017-0897 1 Expressionengine 1 Expressionengine 2024-11-21 N/A
ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution.
CVE-2016-5300 4 Canonical, Debian, Google and 1 more 4 Ubuntu Linux, Debian Linux, Android and 1 more 2024-11-21 N/A
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.
CVE-2016-4980 3 Ethz, Fedoraproject, Redhat 3 Xquest, Fedora, Enterprise Linux 2024-11-21 2.5 Low
A password generation weakness exists in xquest through 2016-06-13.
CVE-2016-2858 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2024-11-21 6.5 Medium
QEMU, when built with the Pseudo Random Number Generator (PRNG) back-end support, allows local guest OS users to cause a denial of service (process crash) via an entropy request, which triggers arbitrary stack based allocation and memory corruption.
CVE-2016-2564 1 Invisioncommunity 1 Invision Power Board 2024-11-21 N/A
Invision Power Services (IPS) Community Suite before 4.1.9 makes session hijack easier by relying on the PHP uniqid function without the more_entropy flag. Attackers can guess an Invision Power Board session cookie if they can predict the exact time of cookie generation.
CVE-2016-10743 1 W1.fi 1 Hostapd 2024-11-21 7.5 High
hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.
CVE-2015-8851 2 Node-uuid Project, Redhat 2 Node-uuid, Openshift 2024-11-21 7.5 High
node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.
CVE-2015-7764 1 Netflix 1 Lemur 2024-11-21 7.5 High
Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.
CVE-2015-3405 7 Debian, Fedoraproject, Ntp and 4 more 14 Debian Linux, Fedora, Ntp and 11 more 2024-11-21 N/A
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.