Skip to main content

CWE-332

Insufficient Entropy in PRNG

8 CVEs Avg CVSS 6.8 MITRE
1
CRITICAL
5
HIGH
1
MEDIUM
1
LOW
0
POC
0
KEV

Monthly

CVE-2026-3290 HIGH PATCH This Week

Hardware random number generator (HRNG) in Silicon Labs RS9116 SDK versions up to 2.13.1 produces predictable cryptographic values when the wireless module operates in power save mode, enabling adjacent attackers with user interaction to compromise encrypted communications and authentication mechanisms. Vendor patch available via GitHub; no active exploitation confirmed but cryptographic weakness poses high risk to WiFi/Bluetooth IoT deployments relying on the affected module's entropy source.

Information Disclosure Rs9116 Sdk
NVD GitHub
CVSS 4.0
7.4
EPSS
0.0%
CVE-2023-20107 HIGH This Week

A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2019-1715 HIGH This Week

A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Device Manager Firepower Threat Defense
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-9057 Go CRITICAL PATCH Act Now

aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Hashicorp Information Disclosure Terraform
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2017-9371 LOW Monitor

In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able. Rated low severity (CVSS 2.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
CVSS 3.1
2.6
EPSS
0.2%
CVE-2014-9690 HIGH This Week

Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Ws318 Firmware
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-9154 HIGH This Week

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Desigo Web Module Pxa30 W0 Firmware Desigo Web Module Pxa30 W1 Firmware Desigo Web Module Pxa30 W2 Firmware +3
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2014-0016 MEDIUM PATCH This Month

stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure OpenSSL Stunnel
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Hardware random number generator (HRNG) in Silicon Labs RS9116 SDK versions up to 2.13.1 produces predictable cryptographic values when the wireless module operates in power save mode, enabling adjacent attackers with user interaction to compromise encrypted communications and authentication mechanisms. Vendor patch available via GitHub; no active exploitation confirmed but cryptographic weakness poses high risk to WiFi/Bluetooth IoT deployments relying on the affected module's entropy source.

Information Disclosure Rs9116 Sdk
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the Deterministic Random Bit Generator (DRBG), also known as Pseudorandom Number Generator (PRNG), used in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Device Manager +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform Amazon Web Services (AWS) provider through v1.12.0 has an inappropriate PRNG algorithm and seeding, which makes it easier for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Hashicorp Information Disclosure Terraform
NVD GitHub
EPSS 0% CVSS 2.6
LOW Monitor

In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able. Rated low severity (CVSS 2.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Qnx Software Development Platform
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Huawei home gateways WS318 with software V100R001C01B022 and earlier versions are affected by the PIN offline brute force cracking vulnerability of the WPS protocol because the random number. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Ws318 Firmware
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D (All firmware versions < V6.00.046) and Desigo PX Web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Siemens Desigo Web Module Pxa30 W0 Firmware +5
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

stunnel before 5.00, when using fork threading, does not properly update the state of the OpenSSL pseudo-random number generator (PRNG), which causes subsequent children with the same process ID to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Information Disclosure OpenSSL Stunnel
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy