CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

57 matches found

OSV•added 2026/05/22 2:59 p.m.•6 views

CLSA-2026-1779461988 krb5: Fix of 3 CVEs

CVE-2024-3596: generate and verify Message-Authenticator MACs in libkrad to mitigate the BlastRADIUS attack on the RADIUS protocol; includes follow-up fix for uninitialized pointer dereference in kradpacketdecoderequest - CVE-2024-37370: prevent modification of Extra Count field in GSS krb5 wrap...

9.1CVSS6AI score0.22162EPSS

Exploits2References1

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в krb5

In MIT Kerberos 5 also known as krb5, before version 1.21.3, an attacker could modify the plaintext Extra Count field of a confidential GSS krb5 wrap token. This modification caused the unwrapped token to appear truncated, affecting the application...

7.5CVSS7AI score0.00545EPSS

Exploits0References2

OSV•added 2026/04/13 2:33 p.m.•1 views

JLSEC-2026-93

In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application...

7.5CVSS5.8AI score0.00545EPSS

Exploits0References5

OSV•added 2026/03/10 12:32 p.m.•4 views

CLSA-2026-1773145958 Fix CVE(s): CVE-2024-37370, CVE-2024-37371

SECURITY UPDATE: Fix vulnerabilities in GSS message token handling - debian/patches/CVE-2024-37370-CVE-2024-37371.patch: Verify Extra Count field in CFX wrap tokens, validate plaintext length in gssunwrap, and prevent IOV unwrap header buffer overrun - CVE-2024-37370 - CVE-2024-37371...

9.1CVSS5.9AI score0.02606EPSS

Exploits0References1

RedHat Linux•added 2025/02/19 11:10 a.m.•0 views

krb5: GSS message token handling

A vulnerability was found in the MIT Kerberos 5 GSS krb5 wrap token, where an attacker can modify the plaintext Extra Count field, causing the unwrapped token to appear truncated to the application, occurs when the attacker alters the token data during transmission which can lead to improper...

9.1CVSS7.2AI score0.02606EPSS

Exploits0References6

RedHat Linux•added 2025/02/19 10:31 a.m.•0 views

krb5: GSS message token handling

9.1CVSS7.2AI score0.02606EPSS

Exploits0References6

Tenable Nessus•added 2025/02/10 12:0 a.m.•7 views

Azure Linux 3.0 Security Update: krb5 (CVE-2024-37370)

The version of krb5 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-37370 advisory. - In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can modify the plaintext Extra Count field of a...

7.5CVSS6.9AI score0.00545EPSS

Exploits0References2

OpenVAS•added 2024/10/28 12:0 a.m.•14 views

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2024-2770)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS9.6AI score0.02606EPSS

Exploits0References2

OpenVAS•added 2024/10/28 12:0 a.m.•13 views

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2024-2752)

9.1CVSS9.6AI score0.02606EPSS

Exploits0References2

Tenable Nessus•added 2024/10/09 12:0 a.m.•24 views

EulerOS 2.0 SP12 : krb5 (EulerOS-SA-2024-2530)

According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens wit...

9.1CVSS7.3AI score0.02606EPSS

Exploits0References3

OpenVAS•added 2024/10/09 12:0 a.m.•8 views

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2024-2530)

9.1CVSS9.5AI score0.02606EPSS

Exploits0References2

Tenable Nessus•added 2024/10/09 12:0 a.m.•18 views

EulerOS 2.0 SP12 : krb5 (EulerOS-SA-2024-2506)

9.1CVSS7.3AI score0.02606EPSS

Exploits0References3

OSV•added 2024/09/20 2:5 p.m.•4 views

CLSA-2024-1726840907 krb5: Fix of 2 CVEs

CVE-2024-37370: prevent modification of Extra Count field in GSS krb5 wrap token to avoid appearing truncated to application - CVE-2024-37371: fix invalid memory reads during GSS message token handling...

9.1CVSS7.1AI score0.02606EPSS

Exploits0References1

OSV•added 2024/09/19 6:9 p.m.•2 views

CLSA-2024-1726769396 krb5: Fix of 2 CVEs

9.1CVSS7AI score0.02606EPSS

Exploits0References1

OSV•added 2024/09/19 6:8 p.m.•3 views

CLSA-2024-1726769331 krb5: Fix of 2 CVEs

9.1CVSS7.1AI score0.02606EPSS

Exploits0References1

OSV•added 2024/09/19 6:7 p.m.•2 views

CLSA-2024-1726769233 krb5: Fix of 2 CVEs

9.1CVSS7AI score0.02606EPSS

Exploits0References1

BDU FSTEC•added 2024/09/13 12:0 a.m.•0 views

The vulnerability of the Kerberos 5 authentication network protocol, related to insufficient validation of input data, allows a perpetrator to gain unauthorized access to the GSS krb5 token.

The vulnerability of the Kerberos authentication protocol lies in a change to the extra count field of the confidential token GSS krb5. Exploiting this vulnerability allows an attacker operating remotely to gain unauthorized access to the GSS krb5 token...

7.8CVSS0.00545EPSS

Exploits0References11Affected Software6

OpenVAS•added 2024/09/12 12:0 a.m.•14 views

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2024-2419)

9.1CVSS9.4AI score0.02606EPSS

Exploits0References2

OpenVAS•added 2024/09/12 12:0 a.m.•18 views

Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2024-2442)

9.1CVSS9.4AI score0.02606EPSS

Exploits0References2

Tenable Nessus•added 2024/09/12 12:0 a.m.•19 views

EulerOS 2.0 SP10 : krb5 (EulerOS-SA-2024-2442)