Lucene search
K

369 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 6:18 a.m.3 views

SUSE CVE-2005-1174

MIT Kerberos 5 krb5 1.3 through 1.4.1 Key Distribution Center KDC allows remote attackers to cause a denial of service application crash via a certain valid TCP connection that causes a free of unallocated memory...

5CVSS8.2AI score0.05221EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 6:2 a.m.4 views

SUSE CVE-2009-3295

The prepreprocessreq function in kdc/dotgsreq.c in the cross-realm referral implementation in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.7 before 1.7.1 allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a ticket request...

5CVSS6.8AI score0.40345EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:59 a.m.4 views

SUSE CVE-2010-1320

Double free vulnerability in dotgsreq.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service daemon crash or possibly execute arbitrary code via a request associated with 1 renewal or 2 validation...

4CVSS7.8AI score0.11857EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:59 a.m.5 views

SUSE CVE-2010-1322

The mergeauthdata function in kdcauthdata.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service daemon crash, or possibly obtain sensitive...

6.5CVSS7.6AI score0.0304EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:59 a.m.4 views

SUSE CVE-2010-1323

MIT Kerberos 5 aka krb5 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center KDC, or forge a KRB-SAFE message via...

3.7CVSS7AI score0.02847EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.5 views

SUSE CVE-2011-1530

The processtgsreq function in dotgsreq.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service NULL pointer dereference and daemon crash via a crafted TGS request that triggers an error other than the...

6.8CVSS6.6AI score0.02473EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.4 views

SUSE CVE-2011-1529

The lookuplockoutpolicy function in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 aka Berkeley DB or LDAP back end is used, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via vectors...

7.8CVSS6.9AI score0.04046EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 5:48 a.m.2 views

SUSE CVE-2012-1015

The kdchandleprotectednegotiation function in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute...

9.3CVSS8.9AI score0.04814EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:48 a.m.3 views

SUSE CVE-2012-1016

The pkinitserverreturnpadata function in plugins/preauth/pkinit/pkinitsrv.c in the PKINIT implementation in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a...

5CVSS6.9AI score0.02576EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:20 a.m.3 views

SUSE CVE-2015-2697

The buildprincipalva function in lib/krb5/krb/bldprinc.c in MIT Kerberos 5 aka krb5 before 1.14 allows remote authenticated users to cause a denial of service out-of-bounds read and KDC crash via an initial '\0' character in a long realm field within a TGS request...

4CVSS6.6AI score0.04128EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 5:4 a.m.4 views

SUSE CVE-2016-3120

The validateasrequest function in kdcutil.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.13.6 and 1.4.x before 1.14.3, when restrictanonymoustotgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service NU...

6.5CVSS6.3AI score0.0462EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:47 a.m.4 views

SUSE CVE-2017-7562

An authentication bypass flaw was found in the way krb5's certauth interface before 1.16.1 handled the validation of client certificates. A remote attacker able to communicate with the KDC could potentially use this flaw to impersonate arbitrary principals under rare and erroneous circumstances...

6.5CVSS9.1AI score0.03303EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:43 a.m.3 views

SUSE CVE-2017-11368

In MIT Kerberos 5 aka krb5 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests...

6.5CVSS6.9AI score0.02397EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:36 a.m.2 views

SUSE CVE-2017-17439

In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to th...

7.5CVSS7.1AI score0.03427EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:21 a.m.5 views

SUSE CVE-2018-20217

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 aka krb5 before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type single-DES, triple-DES, or RC4, the attacker can crash the KDC by making an S4U2Self request...

6.5CVSS8.3AI score0.01417EPSS
Exploits0References24
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.4 views

SUSE CVE-2021-36222

ecverify in kdc/kdcpreauthec.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation...

7.5CVSS6.8AI score0.10276EPSS
Exploits0References120
SUSE CVE
SUSE CVE
added 2023/02/15 3:33 a.m.5 views

SUSE CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

8.8CVSS6.6AI score0.00965EPSS
Exploits0References27
SUSE CVE
SUSE CVE
added 2023/02/15 3:22 a.m.4 views

SUSE CVE-2022-44640

Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center KDC...

9.8CVSS6.8AI score0.01844EPSS
Exploits0References6
OSV
OSV
added 2023/02/02 9:17 p.m.10 views

CLSA-2023-1675372649 Fix CVE(s): CVE-2018-20217

SECURITY UPDATE: Possible KDC crash processing malformed S4U2Self request - debian/patches/CVE-2018-20217.patch: ignore password attributes for S4U2Self requests - CVE-2018-20217...

5.3CVSS6.6AI score0.01417EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2023/01/31 12:0 a.m.23 views

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2023-1263)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5CVSS7.3AI score0.02166EPSS
Exploits0References2
Rows per page
Query Builder