128 matches found
Fedora Core 9 FEDORA-2009-2834 (krb5)
The remote host is missing an update to krb5 announced via advisory FEDORA-2009-2834. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
[SECURITY] [DSA 1766-1] New krb5 packages fix several vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA-1766-1 [email protected] http://www.debian.org/security/ Nico Golde April 9th, 2009 http://www.debian.org/security/faq -...
CVE-2009-0846
The asn1decodegeneraltime function in lib/krb5/asn.1/asn1decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 aka krb5 before 1.6.4 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via vectors involving an invalid DER encoding that...
openSUSE 10 Security Update : krb5 (krb5-6139)
Clients sending negotiation requests with invalid flags could crash the kerberos server CVE-2009-0845. GSS-API clients could crash when reading from an invalid address space CVE-2009-0844. Invalid length checks could crash applications using the kerberos ASN.1 parser CVE-2009-0847. Under certain...
CVE-2009-0846
The CVE-2009-0846 issue is in MIT Kerberos 5 (krb5) before 1.6.4. The ASN.1 GeneralizedTime decoder’s asn1_decode_generaltime function triggers a free of an uninitialized pointer when processing invalid DER encoding, enabling a remote attacker to cause a denial of service (daemon crash) or possib...
RHEL 4 : krb5 (RHSA-2009:0409)
The remote Redhat Enterprise Linux 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2009:0409 advisory. Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted...
RHEL 2.1 / 3 : krb5 (RHSA-2009:0410)
Updated krb5 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authentica...
RHEL 5 : krb5 (RHSA-2009:0408)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2009:0408 advisory. - krb5: buffer over-read in SPNEGO GSS-API mechanism MITKRB5-SA-2009-001 CVE-2009-0844 - krb5: NULL pointer dereference in GSSAPI SPNEGO...
krb5 security update
CentOS Errata and Security Advisory CESA-2009:0410 Updated krb5 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication...
Important: Red Hat Security Advisory: krb5 security update
Updated krb5 packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to...
krb5 security update
1.6.1-31.el53.3 - update to revised patch for CVE-2009-0844/CVE-2009-0845 1.6.1-31.el53.2 - add fix for potential buffer read overrun in the SPNEGO GSSAPI mechanism 490635, CVE-2009-0844 - add fix for NULL pointer dereference when handling certain error cases in the SPNEGO GSSAPI mechanism 490635...
CVE-2008-0846
CVE-2008-0846 is a SQL injection vulnerability in Joomla!’s com_profile component (index.php) that allows remote attackers to supply an oid parameter to execute arbitrary SQL commands. The description across multiple trusted sources confirms the same flaw and parameter. The NVD entry lists the af...
CVE-2007-0846
Cross-site scripting XSS vulnerability in forum.php in Open Tibia Server CMS OTSCMS 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter...
CVE-2007-0846
CVE-2007-0846 is an XSS vulnerability in Open Tibia Server CMS (OTSCMS) ≤ 2.1.5, exploitable via the name parameter in forum.php. The underlying issue is improper input handling that allows arbitrary HTML/script injection, enabling an attacker to influence pages viewed by other users. The CVSS ba...
CVE-2007-0846
Cross-site scripting XSS vulnerability in forum.php in Open Tibia Server CMS OTSCMS 2.1.5 and earlier allows remote attackers to inject arbitrary HTML or web script via the name parameter...
CVE-2006-0846
CVE-2006-0846 affects Leif M. Wright’s Blog 3.5. Multiple XSS vulnerabilities allow remote attackers to inject arbitrary scripts via the Referer and User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the Log page (ViewCommentsLog). Root cause: l...
CVE-2005-0846
CVE-2005-0846 affects NetWin SurgeMail 2.2g3 and describes multiple XSS vulnerabilities in the email auto-reply message, exploitable via the (1) message subject or (2) message header field to inject arbitrary web script/HTML. Exploitation details are not provided beyond this, but a remediation is...
CVE-2004-0846
Microsoft Excel is affected by CVE-2004-0846 due to a buffer overflow from improper validation of certain records/parameters in Excel files. The vulnerability affects Excel 2000, Excel 2002, Excel 2001 for Mac, and Excel v.X for Mac; Excel 2004 for Mac and Office 2003/XP SP3 are not affected. An ...
CVE-2003-0846
SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allows local users to overwrite arbitrary files via a symlink attack on the .javawrapper temporary file...
CVE-2003-0846
CVE-2003-0846 affects SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro. The issue enables local users to overwrite arbitrary files via a symlink attack on the temporary file .java_wrapper, indicating a local elevation/impact on file integrity. The CVSS metrics in the initial entry...