Lucene search
K

29 matches found

F5 Networks
F5 Networks
added 2023/02/21 7:46 p.m.31 views

K15553: Kerberos vulnerability CVE-2014-4343

Security Advisory Description Double free vulnerability in the initctxreselect function in the SPNEGO initiator in lib/gssapi/spnego/spnegomech.c in MIT Kerberos 5 aka krb5 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service memory corruption or possibly execu...

7.6CVSS8.7AI score0.06419EPSS
Exploits0Affected Software3
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.28 views

SUSE: Security Advisory (SUSE-SU-2014:0989-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.6AI score0.07138EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.27 views

Oracle: Security Advisory (ELSA-2014-1389)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.5CVSS6.6AI score0.08085EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.23 views

Amazon Linux: Security Advisory (ALAS-2014-443)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.5CVSS6.6AI score0.08085EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/03/10 12:0 a.m.35 views

Fedora Update for krb5 FEDORA-2015-2382

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9CVSS8.7AI score0.08085EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2015/03/06 12:0 a.m.32 views

RedHat Update for krb5 RHSA-2015:0439-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9CVSS8.5AI score0.08085EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/03/05 12:0 a.m.35 views

RHEL 7 : krb5 (RHSA-2015:0439)

Updated krb5 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

9CVSS7.3AI score0.08085EPSS
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2015/02/26 12:0 a.m.36 views

FreeBSD : krb5 1.11 -- New release/fix multiple vulnerabilities (dbf9e66c-bd50-11e4-a7ba-206a8a720317)

The MIT Kerberos team announces the availability of MIT Kerberos 5 Release 1.11.6 : Handle certain invalid RFC 1964 GSS tokens correctly to avoid invalid memory reference vulnerabilities. CVE-2014-4341 Fix memory management vulnerabilities in GSSAPI SPNEGO. CVE-2014-4343 CVE-2014-4344 Fix buffer...

9CVSS6.8AI score0.08085EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2015/02/25 12:0 a.m.35 views

krb5 1.11 -- New release/fix multiple vulnerabilities

The MIT Kerberos team announces the availability of MIT Kerberos 5 Release 1.11.6: Handle certain invalid RFC 1964 GSS tokens correctly to avoid invalid memory reference vulnerabilities. CVE-2014-4341 Fix memory management vulnerabilities in GSSAPI SPNEGO. CVE-2014-4343 CVE-2014-4344 Fix buffer...

9CVSS8.1AI score0.08085EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/11/18 12:0 a.m.34 views

Amazon Linux AMI : krb5 (ALAS-2014-443)

It was found that if a KDC served multiple realms, certain requests could cause the setupserverrealm function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. CVE-2013-1418 , CVE-2013-6800 A NULL pointer...

8.5CVSS7.1AI score0.08085EPSS
Exploits0References8
Amazon
Amazon
added 2014/11/11 12:0 a.m.34 views

Medium: krb5

Issue Overview: It was found that if a KDC served multiple realms, certain requests could cause the setupserverrealm function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. CVE-2013-1418, CVE-2013-6800 A NU...

8.5CVSS7.7AI score0.08085EPSS
Exploits0References1
Oracle linux
Oracle linux
added 2014/10/15 12:0 a.m.41 views

krb5 security and bug fix update

1.10.3-33 - actually apply that last patch 1.10.3-32 - incorporate fix for MITKRB5-SA-2014-001 CVE-2014-4345, 1128157 1.10.3-31 - ksu: when evaluating .k5users, don't throw away data from .k5users when we're not passed a command to run, which implicitly means we're attempting to run the target...

8.5CVSS0.08085EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/10/14 12:0 a.m.38 views

RHEL 6 : krb5 (RHSA-2014:1389)

Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings,...

8.5CVSS7.1AI score0.08085EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2014/10/10 12:0 a.m.50 views

F5 Networks BIG-IP : Kerberos vulnerability (K15553)

Double free vulnerability in the initctxreselect function in the SPNEGO initiator in lib/gssapi/spnego/spnegomech.c in MIT Kerberos 5 aka krb5 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service memory corruption or possibly execute arbitrary code via network...

7.6CVSS7.7AI score0.06419EPSS
Exploits0References2
IBM AIX
IBM AIX
added 2014/08/28 3:15 a.m.56 views

Multiple Security vulnerabilities in IBM NAS

IBM SECURITY ADVISORY First Issued : Thu Aug 28 03:15:00 CDT 2014 | Updated: Fri Sep 5 01:11:34 CDT 2014 | Update: The same ifix with a packaging change has been added in | Update: "A. FIXES" section. The most recent version of this document is available here:...

7.8CVSS6.4AI score0.07138EPSS
Exploits0
OpenVAS
OpenVAS
added 2014/08/27 12:0 a.m.30 views

Fedora Update for krb5 FEDORA-2014-9305

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.5CVSS7.6AI score0.08085EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2014/08/15 12:0 a.m.27 views

Fedora Update for krb5 FEDORA-2014-9315

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.5CVSS7.6AI score0.08085EPSS
Exploits1References2
OSV
OSV
added 2014/08/14 5:1 a.m.4 views

CVE-2014-4343

Double free vulnerability in the initctxreselect function in the SPNEGO initiator in lib/gssapi/spnego/spnegomech.c in MIT Kerberos 5 aka krb5 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service memory corruption or possibly execute arbitrary code via network...

7.8AI score
Exploits0References21
Debian CVE
Debian CVE
added 2014/08/14 1:0 a.m.24 views

CVE-2014-4343

Double free vulnerability in the initctxreselect function in the SPNEGO initiator in lib/gssapi/spnego/spnegomech.c in MIT Kerberos 5 aka krb5 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service memory corruption or possibly execute arbitrary code via network...

7.6CVSS8.3AI score0.06419EPSS
Exploits0
CVE
CVE
added 2014/08/14 1:0 a.m.107 views

CVE-2014-4343

CVE-2014-4343 is a double-free flaw in MIT Kerberos SPNEGO: the SPNEGO initiator’s init_ctx_reselect can be corrupted by crafted traffic from an impersonating acceptor, leading to memory corruption or denial of service and potentially code execution. Affected: MIT Kerberos 5 (krb5) 1.10.x through...

7.6CVSS7.8AI score0.06419EPSS
Exploits0References18Affected Software1
Rows per page
Query Builder