JLSEC-2026-48

Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...

CLSA-2026-1774366569 Fix CVE(s): CVE-2026-3497

SECURITY UPDATE: pre-auth crash via GSSAPI key exchange - debian/patches/CVE-2026-3497.patch: replace sshpktdisconnect with sshpacketdisconnect and initialize gssbufferdesc variables in kexgssc.c, kexgsss.c. - CVE-2026-3497...

SUSE CVE-2025-58181

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption...

EUVD-2005-1127

Malware in sbrugna...

EUVD-2010-0659

Malware in sbrugna...

EUVD-2010-1350

Malware in sbrugna...

EUVD-2022-34729

Malicious code in bioql PyPI...

curl: Race condition on global `gss_context` during SOCKS5 GSS-API negotiation in libcurl

Summary: Concurrent SOCKS5 GSS-API authentications share a file-scope global gsscontext without synchronization, causing data races and undefined behavior. - Global context defined at: 52:54:curl/lib/socksgssapi.c static gssctxidt gsscontext = GSSCNOCONTEXT; - Passed by address into the GSS init...

Linux Distros Unpatched Vulnerability : CVE-2022-2469

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client CVE-2022-2469 Note that Nessus relies on the presence of the packag...

Linux Distros Unpatched Vulnerability : CVE-2011-1526

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 Applications aka krb5-appl 1.0.1 and earlier does not check the krb5setegid return value, which allow...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : GNU SASL vulnerability (USN-6169-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6169-1 advisory. It was discovered that GNU SASL's GSSAPI server could make an out-of-bounds reads if given specially crafted GSS-API...

Debian: Security Advisory (DLA-340-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2007-1216

Double free vulnerability in the GSS-API library lib/gssapi/krb5/k5unseal.c, as used by the Kerberos administration daemon kadmind in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSECGSS RPC library, allows remote authenticated users to execute arbitrary code...

SUSE CVE-2010-0628

The spnegogssacceptseccontext function in lib/gssapi/spnego/spnegomech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 aka krb5 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service assertion failure and daemon crash via an invalid packet that triggers...

SUSE CVE-2019-10894

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called...

SUSE CVE-2022-2469

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client...

UBUNTU-CVE-2023-25563

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, multiple out-of-bounds reads when decoding NTLM fields can trigger a denial of service. A 32-bit integer overflow condition can lead to incorrect checks of consistency of length of...

GSS-NTLMSSP 安全漏洞

GSS-NTLMSSP is gssapi open source mechglue plugin that implements NTLM authentication GSSAPI library . GSS-NTLMSSP 1.2.0 before the version of a security vulnerability , the vulnerability stems from the decoding of the target information when the wrong release will trigger a denial of service , a...

OpenJDK: improper MultiByte conversion can lead to buffer overflow (JGSS, 8286077)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JGSS. Supported versions that are affected are Oracle Java SE: 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 21.3.3 and 22.2.0. Easily exploitable vulnerability allows unauthenticated...

Updated libgsasl packages fix security vulnerability

GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client. CVE-2022-2469...