CVE-2024-22473

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-331
View all →

Vulnerability Description

TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation.This issue affects Gecko SDK through v4.4.0.

Related Vulnerabilities

CVE-2001-0950

HIGH
CVSS:7.5(High)

ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generat...

CWE-3312001

CVE-2015-3405

HIGH
CVSS:7.5(High)

ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is betwee...

CWE-3312015

CVE-2015-7764

HIGH
CVSS:7.5(High)

Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.

CWE-3312015

CVE-2015-8851

HIGH
CVSS:7.5(High)

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

CWE-3312015

CVE-2018-15812

HIGH
CVSS:7.5(High)

DNN (aka DotNetNuke) 9.2 through 9.2.1 incorrectly converts encryption key source values, resulting in lower than expected entropy.

CWE-3312018

CVE-2018-18326

HIGH
CVSS:7.5(High)

DNN (aka DotNetNuke) 9.2 through 9.2.2 incorrectly converts encryption key source values, resulting in lower than expected entropy. NOTE: this issue exists because of an incomplete fix for CVE-2018-15...

CWE-3312018