krb5: Sending a request containing PA-ENCRYPTED-CHALLENGE padata element without using FAST could result in NULL dereference in KDC which leads to DoS
A flaw was found in krb5. This flaw allows an unauthenticated attacker to cause a NULL dereference in the KDC by sending a request containing a PA-ENCRYPTED-CHALLENGE padata element without using FAST. The highest threat from this vulnerability is to system availability...
krb5: NULL pointer dereference in process_tgs_req() in kdc/do_tgs_req.c via a FAST inner body that lacks server field
A flaw was found in krb5. The Key Distribution Center (KDC) in MIT Kerberos 5 has a NULL pointer dereference via a FAST inner body that lacks a server field. An authenticated attacker could use this flaw to crash the Kerberos KDC server. The highest threat from this vulnerability is to system...
[SECURITY] [DSA 4977-1] xen security update
Debian Security Advisory DSA-4977-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 20, 2021 https://www.debian.org/security/faq -...
cmldistribution.co.uk Cross Site Scripting vulnerability OBB-2144241
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
A vulnerability in Juniper Networks Junos OS routers of the QFX5000 and EX4600 series, related to unrestricted resource allocation, allows an attacker to cause service interruptions.
The vulnerability in Juniper Networks Junos OS routers of the QFX5000 and EX4600 series lies in their unrestricted allocation of resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
Incident response analyst report 2020
The Incident response analyst report provides insights into incident investigation services conducted by Kaspersky in 2020. We deliver a range of services to help organizations when they are in need: incident response, digital forensics and malware analysis. Data in the...
[SECURITY] [DSA 4971-1] ntfs-3g security update
Debian Security Advisory DSA-4971-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 09, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4968-1] haproxy security update
Debian Security Advisory DSA-4968-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 07, 2021 https://www.debian.org/security/faq -...
A vulnerability in the Kerberos Key Distribution Center (KDC) component of the Windows operating system that allows an attacker to escalate their privileges
The vulnerability in the Kerberos Key Distribution Center (KDC) component of the Windows operating system is related to privilege management errors. Exploiting this vulnerability can allow a malicious actor to escalate their privileges remotely...
Traffic Exchange Networks Distributing Malware Disguised as Cracked Software
An ongoing campaign has been found to leverage a network of websites acting as a "dropper as a service" to deliver a bundle of malware payloads to victims looking for "cracked" versions of popular business and consumer applications. "These malware included an assortment of click fraud bots, other...
SQL Injection Vulnerability in Flash Flood Monitoring and Early Warning Distribution System of Sichuang Software Co.
Siltronic Software Ltd. is a technology-based enterprise dedicated to the cause of disaster prevention and mitigation in China. A SQL injection vulnerability exists in the Flash Flood Monitoring and Early Warning Distribution System of Siltronic Software Limited, which can be exploited by attacke...
F5 Networks BIG-IP : OpenSSL vulnerability (K42910051)
The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.4.4 / 15.1.4.1 / 16.1.2. It is, therefore, affected by a vulnerability as referenced in the K42910051 advisory. The X.509 GeneralName type is a generic type for representing different types of names. One of those name...
[SECURITY] [DSA 4962-1] ledgersmb security update
Debian Security Advisory DSA-4962-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 23, 2021 https://www.debian.org/security/faq -...
CVE-2021-37750
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field...
Null pointer dereference
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field...
Eclipse Cyclone DDS buffer error vulnerability
Eclipse Cyclone DDS is a very high performance and robust open source DDS implementation from the Eclipse Foundation. A security vulnerability exists in Eclipse Cyclone DDS Project v0.1.0 that causes the dds subscriber server to crash...
CVE-2021-37750
CVE-2021-37750 is a vulnerability in MIT Kerberos 5 (krb5) where the Key Distribution Center (KDC) can suffer a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field. Affected releases include krb5 before 1.18.5 and 1.19.x before 1.19.3. The issue can cause ...
MIT Kerberos code issue vulnerability
MIT Kerberos is software from the Massachusetts Institute of Technology (MIT) for authentication in network clusters. Kerberos also serves as a network authentication protocol designed to provide strong authentication services to client/server applications through a key system. A security vulnerability...