Astra Linux - уязвимость в krb5

In MIT Kerberos 5 also known as krb5, before version 1.21.3, an attacker could modify the plaintext Extra Count field of a confidential GSS krb5 wrap token. This modification caused the unwrapped token to appear truncated, affecting the application...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: bnxten: The bdcnt field in the TX BD must be properly masked. The bdcnt field in the TX BD specifies the total number of BDs for the TX packet. This field consists of 5 bits, and the maximum supported value is 32 with a value of ...

CVE-2026-42146

A flaw was found in CImg Library. A remote attacker can exploit this vulnerability by providing a specially crafted BMP Bitmap image file. This occurs because the nbcolors field in the BMP file header is used directly to compute an allocation size without proper validation against the remaining...

CVE-2026-42146 CImg Library: Uncontrolled memory allocation via nb_colors field in _load_bmp

CImg Library is a C++ library for image processing. Prior to commit c3aacf5, the nbcolors field read from the BMP file header is used directly to compute an allocation size without validating it against the remaining file size. A crafted BMP file with a large nbcolors value triggers an...

JLSEC-2026-93

In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application...

Linux Distros Unpatched Vulnerability : CVE-2018-18651

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xpdf 4.00. catalog-getNumPages in AcroForm.cc allows attackers to launch a denial of service hang caused by large loop via a specific...

DEBIAN-CVE-2025-22108

In the Linux kernel, the following vulnerability has been resolved: bnxten: Mask the bdcnt field in the TX BD properly The bdcnt field in the TX BD specifies the total number of BDs for the TX packet. The bdcnt field has 5 bits and the maximum number supported is 32 with the value 0...

Azure Linux 3.0 Security Update: krb5 (CVE-2024-37370)

The version of krb5 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-37370 advisory. - In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can modify the plaintext Extra Count field of a...

kernel: scsi: mpi3mr: Sanitise num_phys

A vulnerability was found in the Linux kernel's mpi3mr driver in the mpi3mrsasportadd function, where a lack of proper checks could lead to values that are larger than what the defined size of the numphys field in the mrsasnode structure being inserted, causing the field to be overwritten and...

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2024-2770)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2024-2752)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP12 : krb5 (EulerOS-SA-2024-2530)

According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens wit...

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2024-2530)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP12 : krb5 (EulerOS-SA-2024-2506)

According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens wit...

CLSA-2024-1726769396 krb5: Fix of 2 CVEs

CVE-2024-37370: prevent modification of Extra Count field in GSS krb5 wrap token to avoid appearing truncated to application - CVE-2024-37371: fix invalid memory reads during GSS message token handling...

The vulnerability of the Kerberos 5 authentication network protocol, related to insufficient validation of input data, allows a perpetrator to gain unauthorized access to the GSS krb5 token.

The vulnerability of the Kerberos authentication protocol lies in a change to the extra count field of the confidential token GSS krb5. Exploiting this vulnerability allows an attacker operating remotely to gain unauthorized access to the GSS krb5 token...

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2024-2442)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

krb5: GSS message token handling

A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper...

krb5: GSS message token handling

A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper...

krb5: GSS message token handling

A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper...