Lucene search
+L

8 matches found

Mageia
Mageia
added 2026/06/27 5:16 p.m.13 views

Updated krb5 packages fix security vulnerabilities

CVE-2025-3576, A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity...

7.5CVSS5.8AI score0.00507EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.16 views

TencentOS Server 3: krb5 (TSSA-2026:0386)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0386 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

7.5CVSS5.9AI score0.00507EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2026/05/19 4:31 p.m.15 views

krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read

A flaw was found in MIT Kerberos 5 krb5. An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling gssacceptseccontext on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of...

7.5CVSS5.8AI score0.00501EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.7 views

CentOS 9 : krb5-1.21.1-10.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the krb5-1.21.1-10.el9 build changelog. - In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls...

7.5CVSS5.9AI score0.00507EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2026/04/30 2:25 a.m.11 views

SUSE CVE-2026-40356

In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process t...

5.9CVSS5.6AI score0.00501EPSS
Exploits1References14
RedhatCVE
RedhatCVE
added 2026/04/28 8:54 a.m.6 views

CVE-2026-40355

A flaw was found in MIT Kerberos 5 krb5. An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling gssacceptseccontext on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service DoS...

5.9CVSS5.7AI score0.00507EPSS
Exploits1References6
CVE
CVE
added 2026/04/28 12:0 a.m.44 views

CVE-2026-40356

MIT Kerberos 5 (krb5) before 1.22.3 is affected by an integer underflow that can cause an out-of-bounds read when gss_accept_sec_context() is invoked on systems with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker could trigger a denial via process termination. ...

7.5CVSS5.5AI score0.00501EPSS
Exploits1References3Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/16 3:2 a.m.6 views

SUSE CVE-2023-25564

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable outlen was not initialized and could cause writing a zero to an arbitrary place in memory if...

6.5CVSS7.1AI score0.01942EPSS
Exploits0References4
Rows per page
Query Builder