Lucene search
K

96 matches found

Mozilla
Mozilla
added 2012/06/05 12:0 a.m.51 views

NSS parsing errors with zero length items — Mozilla

Security researcher Kaspar Brand found a flaw in how the Network Security Services NSS ASN.1 decoder handles zero length items. Effects of this issue depend on the field. One known symptom is an unexploitable crash in handling OCSP responses. NSS also mishandles zero-length basic constraints,...

5CVSS0.9AI score0.02945EPSS
Exploits0References2Affected Software5
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.14 views

CentOS Update for krb5-devel CESA-2009:0409 centos4 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

10CVSS7.9AI score0.08898EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.25 views

CentOS Update for krb5 CESA-2009:0410-01 centos2 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

10CVSS7.9AI score0.08898EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2009/12/14 12:0 a.m.31 views

Mandriva Security Advisory MDVSA-2009:098-1 (krb5)

The remote host is missing an update to krb5 announced via advisory MDVSA-2009:098-1. OpenVAS Vulnerability Test $Id: mdksa20090981.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:098-1 krb5 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft...

10CVSS1AI score0.08898EPSS
Exploits3
OpenVAS
OpenVAS
added 2009/05/05 12:0 a.m.35 views

Mandrake Security Advisory MDVSA-2009:098 (krb5)

The remote host is missing an update to krb5 announced via advisory MDVSA-2009:098. OpenVAS Vulnerability Test $Id: mdksa2009098.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:098 krb5 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

10CVSS1.7AI score0.08898EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2009/04/23 12:0 a.m.35 views

FreeBSD : krb5 -- ASN.1 decoder denial-of-service vulnerability (bd60922b-fb8d-11d8-a13e-000a95bc6fae)

An advisory published by the MIT Kerberos team says : The ASN.1 decoder library in the MIT Kerberos 5 distribution is vulnerable to a denial-of-service attack causing an infinite loop in the decoder. The KDC is vulnerable to this attack. An unauthenticated remote attacker can cause a KDC or...

5CVSS8.1AI score0.05585EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2009/04/15 12:0 a.m.27 views

SuSE Security Advisory SUSE-SA:2009:019 (krb5)

The remote host is missing updates announced in advisory SUSE-SA:2009:019. OpenVAS Vulnerability Test $Id: susesa2009019.nasl 6668 2017-07-11 13:34:29Z cfischer $ Description: Auto-generated from advisory SUSE-SA:2009:019 krb5 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

10CVSS0.6AI score0.08898EPSS
Exploits3
Prion
Prion
added 2009/04/09 12:30 a.m.25 views

Design/Logic Flaw

The asn1bufimbed function in the ASN.1 decoder in MIT Kerberos 5 aka krb5 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service application crash via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmeti...

4.3CVSS6.8AI score0.02773EPSS
Exploits1References38Affected Software1
OSV
OSV
added 2009/04/09 12:30 a.m.7 views

CVE-2009-0847

The asn1bufimbed function in the ASN.1 decoder in MIT Kerberos 5 aka krb5 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service application crash via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmeti...

6.3AI score
Exploits0References38
NVD
NVD
added 2009/04/09 12:30 a.m.31 views

CVE-2009-0847

The asn1bufimbed function in the ASN.1 decoder in MIT Kerberos 5 aka krb5 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service application crash via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmeti...

4.3CVSS7.1AI score0.02773EPSS
Exploits1References38
OSV
OSV
added 2009/04/09 12:0 a.m.36 views

DSA-1766-1 krb5 - several vulnerabilities

Bulletin has no description...

10CVSS6.3AI score0.08898EPSS
Exploits3
CVE
CVE
added 2009/04/09 12:0 a.m.94 views

CVE-2009-0847

CVE-2009-0847 affects MIT Kerberos 5 (krb5) SPNEGO/GSS-API and the ASN.1 decoder. The OVMSA-2009-0003 advisory documents that 1.5–1.6.3 krb5 releases are vulnerable to crafted DER/length values, enabling remote attackers to crash daemons (and potentially execute code) due to length validation and...

4.3CVSS7.1AI score0.02773EPSS
Exploits1References38Affected Software1
Tenable Nessus
Tenable Nessus
added 2009/04/08 12:0 a.m.32 views

RHEL 5 : krb5 (RHSA-2009:0408)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2009:0408 advisory. - krb5: buffer over-read in SPNEGO GSS-API mechanism MITKRB5-SA-2009-001 CVE-2009-0844 - krb5: NULL pointer dereference in GSSAPI SPNEGO...

10CVSS7.7AI score0.08898EPSS
Exploits3References10
securityvulns
securityvulns
added 2009/04/08 12:0 a.m.80 views

MITKRB5-SA-2009-001: multiple vulnerabilities in SPNEGO, ASN.1 decoder [CVE-2009-0844 CVE-2009-0845 CVE-2009-0847]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2009-001 MIT krb5 Security Advisory 2009-001 Original release: 2009-04-07 Last update: 2009-04-07 Topic: multiple vulnerabilities in SPNEGO, ASN.1 decoder CVE-2009-0844 SPNEGO implementation can read beyond buffer end CVSSv2 Vector:...

5.8CVSS6.9AI score0.05628EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2009/04/08 12:0 a.m.16 views

RHEL 2.1 / 3 : krb5 (RHSA-2009:0410)

Updated krb5 packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1 and 3. This update has been rated as having critical security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authentica...

10CVSS7.5AI score0.08898EPSS
Exploits3References7
securityvulns
securityvulns
added 2009/04/08 12:0 a.m.61 views

MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2009-002 MIT krb5 Security Advisory 2009-002 Original release: 2009-04-07 Last update: 2009-04-07 Topic: ASN.1 decoder frees uninitialized pointer CVE-2009-0846 ASN.1 GeneralizedTime decoder can free uninitialized pointer CVSSv2 Vector:...

10CVSS7.5AI score0.08898EPSS
Exploits0
Oracle linux
Oracle linux
added 2009/04/07 12:0 a.m.35 views

krb5 security update

1.3.4-60.el47.2 - whoops, actually add the patches 1.3.4-60.el47.1 - add fix for attempt to free uninitialized pointer in the ASN.1 decoder 491835, CVE-2009-0846 - add fix for bug in length validation in the ASN.1 decoder CVE-2009-0847...

10CVSS2.6AI score0.08898EPSS
Exploits1
Oracle linux
Oracle linux
added 2009/04/07 12:0 a.m.44 views

krb5 security update

1.2.7-70 - override $SHLIBEXPFLAGS at build-time to ensure that shared libraries don't include an RPATH internal tools 1.2.7-69 - add backported fix for attempt to free uninitialized pointer in the ASN.1 decoder 491834, CVE-2009-0846 - add backported fix for bug in length validation in the ASN.1...

10CVSS2.4AI score0.08898EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2008/07/09 2:44 p.m.3 views

OpenLDAP denial-of-service flaw in ASN.1 decoder

liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service program termination via crafted ASN.1 BER datagrams that trigger an assertion error...

5CVSS5.9AI score0.13173EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.28 views

Debian Security Advisory DSA 1171-1 (ethereal)

The remote host is missing an update to ethereal announced via advisory DSA 1171-1. Several remote vulnerabilities have been discovered in the Ethereal network scanner, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following...

7.5CVSS0.4AI score0.10826EPSS
Exploits0
Rows per page
Query Builder