33 matches found
CVE-2026-40355 affecting package krb5 for versions less than 1.21.3-4
CVE-2026-40355 affecting package krb5 for versions less than 1.21.3-4. A patched version of the package is available...
CVE-2026-40356 affecting package krb5 for versions less than 1.21.3-4
CVE-2026-40356 affecting package krb5 for versions less than 1.21.3-4. A patched version of the package is available...
CVE-2025-24528 affecting package krb5 for versions less than 1.21.3-3
CVE-2025-24528 affecting package krb5 for versions less than 1.21.3-3. A patched version of the package is available...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: krb5 (UTSA-2025-986178)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986178 advisory. In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length...
CVE-2025-54414 Anubis accepts crafted redirect URLs in pass-challenge 'Try Again' buttons
Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in order to protect upstream resources from scraper bots. In versions 1.21.2 and below, attackers can craft malicious pass-challenge pages that cause a user to execute arbitrary JavaScript...
Komga 安全漏洞
Komga is a media server for comics, magazines, and eBooks by Gauthier Personal Developers. A security vulnerability exists in Komga versions 1.8.0 through 1.21.3, which stems from the presence of cross-site scripting in the EPUB resource that could lead to execution of operations as a victim...
EulerOS 2.0 SP12 : krb5 (EulerOS-SA-2024-2506)
According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens wit...
CVE-2024-45401
stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...
CVE-2024-45401 stripe-cli Path Traversal vulnerability
stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...
CVE-2024-45401 stripe-cli Path Traversal vulnerability
stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...
CVE-2024-45401 stripe-cli Path Traversal vulnerability
stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags...
CVE-2024-45401
Summary: CVE-2024-45401 affects stripe-cli. In versions 1.11.1 up to, but not including, 1.21.3, a plugin package with a manifest containing a malformed plugin shortname installed via --archive-url or --archive-path could overwrite arbitrary files (path traversal). Impact: local file overwrite vi...
PT-2024-31605 · Stripe · Stripe Cli
Name of the Vulnerable Software and Affected Versions: stripe-cli versions 1.11.1 through 1.21.2 Description: A path traversal vulnerability exists in stripe-cli where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flag...
CVE-2024-26461 affecting package krb5 for versions less than 1.21.3-1
CVE-2024-26461 affecting package krb5 for versions less than 1.21.3-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-37371 affecting package krb5 for versions less than 1.21.3-1
CVE-2024-37371 affecting package krb5 for versions less than 1.21.3-1. An upgraded version of the package is available that resolves this issue...
In MIT Kerberos 5 (aka krb5) before 1.21.3 an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token causing the unwrapped token to appear truncated to the application.
...
CVE-2024-26461 affecting package krb5 for versions less than 1.19.4-3
CVE-2024-26461 affecting package krb5 for versions less than 1.19.4-3. A patched version of the package is available...
@a-type/ui (>=0.8.17 <=1.2.3), @adminjs/design-system (>=3.0.0 <=3.1.1) +369 more potentially affected by unknown CVE via prosemirror-model (>=1.0.1 <=1.21.3)
prosemirror-model NPM version =1.0.1, =0.8.17, =3.0.0, =0.1.0, =0.0.1, =13.1.0, =10.4.0, =0.0.2, =3.0.0, =16.0.0, =0.0.1, =7.0.0, =47.0.0, =8.0.0, =126.0.0, =194.4.0 and more Source cves: unknown CVE Source advisory: SNYK:JS-PROSEMIRRORMODEL-7838221...
SUSE CVE-2024-37371
In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...
AZL-42996 CVE-2024-37371 affecting package krb5 for versions less than 1.21.3-1
In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...