Lucene search
K

51 matches found

Vulnrichment
Vulnrichment
added 2023/03/06 12:0 a.m.10 views

CVE-2022-45142

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...

7.2AI score0.00491EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/06 12:0 a.m.29 views

CVE-2022-45142

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...

7.9AI score0.00491EPSS
Exploits0References2
CVE
CVE
added 2023/03/06 12:0 a.m.502 views

CVE-2022-45142

CVE-2022-45142 is an issue in Heimdal where the backport of fixes for CVE-2022-3437 introduced a logic inversion that inverted MIC validation in gssapi/arcfour. Affected branches include heimdal-7.7.1 and 7.8.0 (and possibly other branches). The consequence is incorrect message integrity verifica...

7.5CVSS7AI score0.00491EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2023/03/06 12:0 a.m.63 views

CVE-2022-45142

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...

7.5CVSS6.8AI score0.00491EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2023/03/06 12:0 a.m.122 views

CVE-2022-45142

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...

7.5CVSS8.1AI score0.00491EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2023/02/09 1:26 p.m.71 views

CVE-2022-45142

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...

7.5CVSS7AI score0.0369EPSS
Exploits0References3
OSV
OSV
added 2023/02/08 12:0 a.m.4 views

UBUNTU-CVE-2022-45142

The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches and possibly other branches a logic inversion sneaked...

7.5CVSS6.8AI score0.00491EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/02/08 12:0 a.m.41 views

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Heimdal vulnerabilities (USN-5849-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5849-1 advisory. Helmut Grohne discovered that Heimdal GSSAPI incorrectly handled logical conditions that are related to memory management operations. An...

7.5CVSS6.8AI score0.00491EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/12/22 12:0 a.m.40 views

Fedora 36 : heimdal (2022-dba9ba8e2b)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-dba9ba8e2b advisory. Fixes: Delay service starts until after network is online rhbz2005501 Restart services on package update will apply when updating from this release...

9.8CVSS6.7AI score0.06419EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2022/12/09 12:0 a.m.4 views

PT-2022-6537 · Heimdal +4 · Heimdal +4

Name of the Vulnerable Software and Affected Versions: heimdal versions 7.7.1 through 7.8.0 Description: The issue is related to the implementation of the Kerberos5 protocol in heimdal, specifically concerning incorrect validation of message integrity codes. This can allow a remote attacker to...

7.8CVSS6.2AI score0.0369EPSS
Exploits0References33
NVD
NVD
added 2022/02/01 8:15 p.m.35 views

CVE-2022-24198

iText v7.1.17 was discovered to contain an out-of-bounds exception via the component ARCFOUREncryption.encryptARCFOUR, which allows attackers to cause a Denial of Service DoS via a crafted PDF file. NOTE: Vendor does not view this as a vulnerability and has not found it to be exploitable...

6.5CVSS0.00547EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/02/01 12:0 a.m.5 views

PT-2022-16536 · Itext · Itext

Name of the Vulnerable Software and Affected Versions: iText version 7.1.17 Description: The issue allows attackers to cause a Denial of Service DoS via a crafted PDF file, exploiting an out-of-bounds exception in the ARCFOUREncryption.encryptARCFOUR component. The vendor does not view this as a...

6.5CVSS5.3AI score0.00547EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.5 views

Mageia: Security Advisory (MGASA-2017-0412)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References4
Veracode
Veracode
added 2020/04/10 12:46 a.m.36 views

Arbitary Code Execution

krb5 is vulnerable to arbitrary code execution. Multiple integer underflow flaws, leading to heap-based corruption, were found in the way the MIT Kerberos Key Distribution Center KDC decrypted ciphertexts encrypted with the Advanced Encryption Standard AES and ARCFOUR RC4 encryption algorithms. I...

10CVSS4.5AI score0.07411EPSS
Exploits0References33Affected Software1
OpenVAS
OpenVAS
added 2018/11/04 12:0 a.m.53 views

Debian: Security Advisory (DLA-1560-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS6.2AI score0.03623EPSS
Exploits0References3
Debian
Debian
added 2018/10/30 4:34 p.m.462 views

[SECURITY] [DLA 1560-1] gnutls28 security update

Package : gnutls28 Version : 3.3.30-0+deb8u1 CVE ID : CVE-2018-10844 CVE-2018-10845 CVE-2018-10846 A set of vulnerabilities was discovered in GnuTLS which allowed attackers to do plain text recovery on TLS connections with certain cipher types. CVE-2018-10844 It was found that the GnuTLS...

5.9CVSS6.4AI score0.03623EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/18 12:35 a.m.17 views

Security Bulletin: Arcfour vulnerability issue in IBM Storwize V7000 Unified

Summary IBM Storwize V7000 Unified was shipped with Arcfour which uses weak client-to-server encryption algorithms, for which fix is available. Vulnerability Details CVEID: CVE-2017-1375 DESCRIPTION: IBM System Storage Storwize V7000 Unified V7000U uses weaker than expected cryptographic algorith...

7.5CVSS0.9AI score0.01021EPSS
Exploits0Affected Software1
Hacker One
Hacker One
added 2018/02/21 2:23 a.m.43 views

GSA Bounty: SSH server compatible with several vulnerable cryptographic algorithms

An ssh-audit scan found that ssh.fr.cloud.gov supports sha1 for various purposesincluding exclusively for MAC addresses, as well as arcfour. Both of these are outdated and known vulnerable. The algorithms used are also indicative of an outdated SSH version OpenSSH 6 or Dropbear 2013. It's probabl...

0.6AI score
Exploits0
OSV
OSV
added 2017/11/16 8:36 a.m.3 views

MGASA-2017-0412 Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: Out-Of-Bounds Read in timelibmeridian in the Date module php75055. Arcfour encryption stream filter crashes php-mcrypt php72535...

7.2AI score
Exploits0References3
Mageia
Mageia
added 2017/11/16 8:36 a.m.21 views

Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: Out-Of-Bounds Read in timelibmeridian in the Date module php75055. Arcfour encryption stream filter crashes php-mcrypt php72535...

1.3AI score
Exploits0References2
Rows per page
Query Builder