5 matches found
AZL-42996 CVE-2024-37371 affecting package krb5 for versions less than 1.21.3-1
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...
MIT Kerberos Security Vulnerability
MIT Kerberos is Massachusetts Institute of Technology (MIT) software for authentication in network clusters. Kerberos also serves as a network authentication protocol designed with the goal of providing strong authentication services to client/server applications through a key system. A security...
PT-2024-6104 · MIT +10 · MIT Kerberos 5 +10
Name of the Vulnerable Software and Affected Versions: MIT Kerberos 5 versions prior to 1.21.3. Description: The issue is related to the modification of the plaintext Extra Count field of a confidential GSS krb5 wrap token. This can cause the unwrapped token to appear truncated to the application,...
AZL-35479 CVE-2024-26458 affecting package krb5 for versions less than 1.21.3-2
Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmaprmt.c...
CVE-2013-4568
Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression"...