USN-8325-1: tgt vulnerability

It was discovered that tgt incorrectly tried to achieve entropy by calling rand without srand. An attacker could possibly use this issue to make tgt generate an identical sequence of challenges, resulting in authentication bypass...

USN-8152-1 linux-oem-6.17 vulnerabilities

It was discovered that some AMD Zen 5 processors supporting RDSEED instruction did not properly handle entropy, potentially resulting in the consumption of insufficiently random values. A local attacker could possibly use this issue to influence the values returned by the RDSEED instruction causi...

Amazon Linux 2023 : amd-ucode-firmware, iwl100-firmware, iwl105-firmware (ALAS2023-2025-1307)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1307 advisory. Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity. CVE-2025-54514 Improper...

Linux Distros Unpatched Vulnerability : CVE-2025-13353

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In gokey versions 0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM...

EUVD-2012-4823

Malware in sbrugna...

EUVD-2015-3088

Malware in sbrugna...

EUVD-2024-45518

Malicious code in bioql PyPI...

EUVD-2024-37235

Malicious code in bioql PyPI...

PT-2025-13414

Name of the Vulnerable Software and Affected Versions Data::Entropy versions 0.007 and earlier Description The issue concerns the use of the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Recommendations For Data::Entropy versio...

DEBIAN-CVE-2024-45751

tgt aka Linux target framework before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical...

Use Of Insufficiently Random Values

zendframework/zendframework is vulnerable to insufficient entropy. The vulnerability is due to using PHP's mtrand function as a fallback for generating random bytes, which is predictable and susceptible to brute force attacks on the seed...

Design/Logic Flaw

An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and brute force the salt offline...

WWBN AVideo userRecoverPass.php recoverPass generation insufficient entropy vulnerability

Talos Vulnerability Report TALOS-2023-1896 WWBN AVideo userRecoverPass.php recoverPass generation insufficient entropy vulnerability January 10, 2024 CVE Number CVE-2023-49589 SUMMARY An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of...

c-ares 安全特征问题漏洞

c-ares is a C library for asynchronous DNS requests from the individual developers of c-ares. A security vulnerability exists in versions prior to c-ares 1.19.1, which stems from a lack of entropy that allows an attacker to exploit entropy by not using CSPRNG...

CVE-2023-31290

Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input...

Cisco Adaptive Security Appliances Software 安全特征问题漏洞

Cisco Adaptive Security Appliances Software ASA Software is a set of firewalls and network security platforms from the U.S. company Cisco Cisco. The platform provides features such as highly secure access to data and network resources. A security vulnerability exists in Cisco Adaptive Security...

CVE-2022-34746

An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring...

Sagemcom [email protected] 5260 Router Insufficient Default PSK Entropy Vulnerability

Sagemcom email protected 5260 routers on firmware version 0.4.39 and possibly others, in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The number of possible PSKs is about 1.78 billion, which is too small. 0day.tod...

CVE-2018-1000620

Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the...

CVE-2018-1000620

Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the...