Login With Empty Credential

github.com/go-ldap/ldap allows the user to login with empty password or credentials. The vulnerability is only affects applications with the following conditions: - authorization of a user is performed by relying on the return error of the Bind function call i.e., a nil return is considered...

krb5 RPC library unitialized pointer free

The gssrpcsvcauthgssapi function in the RPC library in MIT Kerberos 5 krb5 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup...