370 matches found
CVE-2026-11403
The CVE affects Sonatype Nexus Repository Manager. The flaw is in the format-specific API key generation, where a remote attacker could gain unauthorized access to repository operations as a targeted user if a format-specific API key realm (NuGet API Key, Docker Bearer Token, or npm Bearer Token)...
USN-8520-1: Expat vulnerability
It was discovered that Expat used insufficient entropy when generating hash salt values for its internal hash table. An attacker could use this to craft an XML document that triggers hash flooding, leading to a denial of service...
CVE-2026-13199
CVE-2026-13199 affects Raspberry Pi 5 and Compute Module 5 EEPROM firmware. The issue is that the EEPROM produced non-random KASLR and RNG seed values, resulting in consistent kernel addresses across boots and devices. This may lower entropy and potentially ease exploitation of other vulnerabilit...
OESA-2026-2499 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before version 2.7.6 uses insufficient entropy, allowing attackers to cause hash flooding via a crafted XML...
OESA-2026-2498 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before version 2.7.6 uses insufficient entropy, allowing attackers to cause hash flooding via a crafted XML...
OESA-2026-2295 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.CVE-2026-41080...
OESA-2026-2294 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.CVE-2026-41080...
OESA-2026-2293 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.CVE-2026-41080...
CVE-2026-4827
CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections...
EUVD-2026-29459
CWE‑331 Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections...
CVE-2026-4827
CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections...
CVE-2026-4827
CWE‑331 Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections...
CVE-2026-4827 Insufficient Entropy vulnerability on Multiple Products
CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections...
CVE-2026-4827 Insufficient Entropy vulnerability on Multiple Products
CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections...
PT-2026-40017
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description Insufficient Entropy occurs when the randomness used in session-management protections is inadequate, potentially allowing a network-based attacker to gain...
Insufficient Entropy
Overview Affected versions of this package are vulnerable to Insufficient Entropy in the xml.parsers.expat and xml.etree.ElementTree components. An attacker can cause excessive CPU consumption and degrade service availability by submitting specially crafted XML documents designed to trigger hash...
CVE-2026-7210
xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...
CVE-2026-7210
CVE-2026-7210 affects Python XML parsers: xml.parsers.expat and xml.etree.ElementTree suffer from insufficient entropy in Expat hash-flooding protection, allowing a crafted XML to trigger flooding. Mitigation requires updating libexpat to 2.8.0+ and applying the accompanying patch. Connected note...
JLSEC-2026-384
libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...
CVE-2026-40514
SmarterTools SmarterMail builds prior to 9610 are affected by a cryptographic weakness in file and email sharing endpoints. DES-CBC is used with keys and IVs derived from System.Random seeded with insufficient entropy, reducing the seed space to about 19,000 values. An unauthenticated attacker ca...