Lucene search
K

34 matches found

F5 Networks
F5 Networks
added 2023/02/21 7:49 p.m.44 views

K15561: Kerberos vulnerability CVE-2014-4344

Security Advisory Description The accctxcont function in the SPNEGO acceptor in lib/gssapi/spnego/spnegomech.c in MIT Kerberos 5 aka krb5 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service NULL pointer dereference and application crash via an empty continuatio...

7.8CVSS7.8AI score0.06614EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/02 1:24 p.m.68 views

Security Bulletin: IBM DataPower Gateway affected by vulnerabilities in Kerberos

Summary IBM has provided explicit mitigation for the following Kerberos CVEs. DataPower did not previously provide the conditions necessary to exploit these CVEs. The explicit mitigations provided here protect against possible future changes that might have made them exploitable. Vulnerability...

9CVSS9AI score0.06614EPSS
Exploits0Affected Software3
OpenVAS
OpenVAS
added 2021/06/09 12:0 a.m.27 views

SUSE: Security Advisory (SUSE-SU-2014:0989-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS6.6AI score0.07138EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.27 views

Oracle: Security Advisory (ELSA-2014-1389)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.5CVSS6.6AI score0.08085EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/10/06 12:0 a.m.31 views

Oracle: Security Advisory (ELSA-2014-1245)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.1AI score0.07138EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/09/08 12:0 a.m.23 views

Amazon Linux: Security Advisory (ALAS-2014-443)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.5CVSS6.6AI score0.08085EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/03/10 12:0 a.m.35 views

Fedora Update for krb5 FEDORA-2015-2382

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9CVSS8.7AI score0.08085EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2015/03/06 12:0 a.m.32 views

RedHat Update for krb5 RHSA-2015:0439-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9CVSS8.5AI score0.08085EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/03/05 12:0 a.m.35 views

RHEL 7 : krb5 (RHSA-2015:0439)

Updated krb5 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

9CVSS7.3AI score0.08085EPSS
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2015/02/26 12:0 a.m.36 views

FreeBSD : krb5 1.11 -- New release/fix multiple vulnerabilities (dbf9e66c-bd50-11e4-a7ba-206a8a720317)

The MIT Kerberos team announces the availability of MIT Kerberos 5 Release 1.11.6 : Handle certain invalid RFC 1964 GSS tokens correctly to avoid invalid memory reference vulnerabilities. CVE-2014-4341 Fix memory management vulnerabilities in GSSAPI SPNEGO. CVE-2014-4343 CVE-2014-4344 Fix buffer...

9CVSS6.8AI score0.08085EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2015/02/25 12:0 a.m.35 views

krb5 1.11 -- New release/fix multiple vulnerabilities

The MIT Kerberos team announces the availability of MIT Kerberos 5 Release 1.11.6: Handle certain invalid RFC 1964 GSS tokens correctly to avoid invalid memory reference vulnerabilities. CVE-2014-4341 Fix memory management vulnerabilities in GSSAPI SPNEGO. CVE-2014-4343 CVE-2014-4344 Fix buffer...

9CVSS8.1AI score0.08085EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/11/18 12:0 a.m.34 views

Amazon Linux AMI : krb5 (ALAS-2014-443)

It was found that if a KDC served multiple realms, certain requests could cause the setupserverrealm function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. CVE-2013-1418 , CVE-2013-6800 A NULL pointer...

8.5CVSS7.1AI score0.08085EPSS
Exploits0References8
Amazon
Amazon
added 2014/11/11 12:0 a.m.33 views

Medium: krb5

Issue Overview: It was found that if a KDC served multiple realms, certain requests could cause the setupserverrealm function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. CVE-2013-1418, CVE-2013-6800 A NU...

8.5CVSS7.7AI score0.08085EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2014/10/17 12:0 a.m.30 views

Oracle Linux 6 : krb5 (ELSA-2014-1389)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1389 advisory. - incorporate fix for MITKRB5-SA-2014-001 CVE-2014-4345, 1128157 - gssapi: pull in upstream fix for a possible NULL dereference in spnego CVE-2014-4344...

8.5CVSS6.6AI score0.08085EPSS
Exploits0References8
Oracle linux
Oracle linux
added 2014/10/15 12:0 a.m.41 views

krb5 security and bug fix update

1.10.3-33 - actually apply that last patch 1.10.3-32 - incorporate fix for MITKRB5-SA-2014-001 CVE-2014-4345, 1128157 1.10.3-31 - ksu: when evaluating .k5users, don't throw away data from .k5users when we're not passed a command to run, which implicitly means we're attempting to run the target...

8.5CVSS0.08085EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/10/14 12:0 a.m.38 views

RHEL 6 : krb5 (RHSA-2014:1389)

Updated krb5 packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings,...

8.5CVSS7.1AI score0.08085EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2014/10/14 12:0 a.m.51 views

Scientific Linux Security Update : krb5 on SL5.x i386/x86_64 (20140916)

It was found that if a KDC served multiple realms, certain requests could cause the setupserverrealm function to dereference a NULL pointer. A remote, unauthenticated attacker could use this flaw to crash the KDC using a specially crafted request. CVE-2013-1418, CVE-2013-6800 A NULL pointer...

7.8CVSS6.9AI score0.07138EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2014/09/18 12:0 a.m.42 views

Oracle Linux 5 : krb5 (ELSA-2014-1245)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1245 advisory. - gssapi: pull in upstream fix for a possible NULL dereference in spnego CVE-2014-4344, 1121509 - fix what appears to be a cosmetic error in the patch...

7.8CVSS7.1AI score0.07138EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2014/09/17 12:0 a.m.49 views

krb5 security and bug fix update

1.6.1-78.el5 - gssapi: pull in upstream fix for a possible NULL dereference in spnego CVE-2014-4344, 1121509 1.6.1-77.el5 - fix what appears to be a cosmetic error in the patch for self-tests for CVE-2014-4341 1.6.1-76.el5 - run the backported self-tests, such as they are, for CVE-2014-4341...

7.8CVSS1.3AI score0.07138EPSS
Exploits0
F5 Networks
F5 Networks
added 2014/09/04 12:0 a.m.56 views

SOL15561 - Kerberos vulnerability CVE-2014-4344

Vulnerability Recommended Actions You can eliminate this vulnerability by running a version listed in the Versions known to be not vulnerable column in the above tables. If the Versions known to be not vulnerable column does not list a version that is higher than the version you are running, then...

7.8CVSS1.4AI score0.06614EPSS
Exploits0References4
Rows per page
Query Builder