Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
CVE-2008-0166 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2008-0166
OpenSSL 0.9.8c-1 up to versions prior to 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote malicious users to conduct brute force guessing attacks against cryptographic keys.
Openssl Openssl
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 6.06
Debian Debian Linux 4.0
3 EDB exploits
24 Github repositories
NA
CVE-2008-2285
The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not recognize authorized_keys lines that contain options, which makes it easier for remote malicious users to exploit CVE-2008-0166 by guessing a key that was not identified by this tool.
Ubuntu Linux 7.04
Ubuntu Linux 7.10
Ubuntu Linux 8.04
5.9
CVSSv3
CVE-2008-3280
It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS ...
Openid Openid -
1 EDB exploit
NA
CVE-2007-4995
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 prior to 0.9.8f allows remote malicious users to execute arbitrary code via unspecified vectors.
Openssl Openssl 0.9.8d
Openssl Openssl 0.9.8e
Openssl Openssl 0.9.8b
Openssl Openssl 0.9.8c
Openssl Openssl 0.9.8
Openssl Openssl 0.9.8a
NA
CVE-2007-3108
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and previous versions does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
Openssl Openssl
NA
CVE-2007-4752
ssh in OpenSSH prior to 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows malicious users to violate intended policy and gain privileges by causing an X client to be treated as trusted.
Openbsd Openssh 4.3p2
Openbsd Openssh 4.3p1
Openbsd Openssh 4.0
Openbsd Openssh 4.3
Openbsd Openssh 4.2p1
Openbsd Openssh 4.4p1
Openbsd Openssh 4.4
Openbsd Openssh 4.1
Openbsd Openssh 4.0p1
Openbsd Openssh
Openbsd Openssh 4.5
Openbsd Openssh 4.2
Openbsd Openssh 4.1p1
NA
CVE-2008-1483
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and sniffing a cookie sent by Emac...
Openbsd Openssh 4.3p2
10
CVSSv3
CVE-2021-44228
Apache Log4j2 2.0-beta9 up to and including 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can contr...
Apache Log4j 2.0
Apache Log4j
Siemens Sppa-t3000 Ses3000 Firmware
Siemens Logo\\! Soft Comfort
Siemens Spectrum Power 4 4.70
Siemens Spectrum Power 4
Siemens Siveillance Control Pro
Siemens Energyip Prepay 3.7
Siemens Energyip Prepay 3.8
Siemens Siveillance Identity 1.6
Siemens Siveillance Identity 1.5
Siemens Siveillance Command
Siemens Sipass Integrated 2.85
Siemens Sipass Integrated 2.80
Siemens Head-end System Universal Device Integration System
Siemens Gma-manager
Siemens Energyip 8.5
Siemens Energyip 8.6
Siemens Energyip 8.7
Siemens Energyip 9.0
Siemens Energy Engage 3.1
Siemens E-car Operation Center
2 Metasploit modules
1177 Github repositories
28 Articles
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started