Lucene search
+L

17 matches found

nessus
nessus
added 2026/01/16 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004272)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004272 advisory. gssmechfree in net/sunrpc/authgss/gssmechswitch.c in the rpcsecgsskrb5 implementation in the Linux kernel through 5.6.10 lacks certain domainrelease calls, leading t...

5.5CVSS6.8AI score0.00334EPSS
Exploits0References8
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-36618

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00748EPSS
Exploits0References4
ibm
ibm
added 2024/11/01 10:12 p.m.32 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.6 is vulnerable to multiple Operator package issues

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.6 is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...

9.1CVSS10AI score0.36081EPSS
Exploits3Affected Software1
nessus
nessus
added 2024/10/09 12:0 a.m.20 views

EulerOS 2.0 SP12 : krb5 (EulerOS-SA-2024-2506)

According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens wit...

9.1CVSS7.3AI score0.01863EPSS
Exploits0References3
redos
redos
added 2024/09/11 12:0 a.m.341 views

ROS-20240911-04

A vulnerability in the Kerberos network authentication protocol is associated with modification of the Extra Count open field of the confidential GSS krb5 shell token. Exploitation of the vulnerability allows an attacker acting remotely to affect the integrity and operation of the system. remotel...

9.1CVSS7.2AI score0.01863EPSS
Exploits0
nessus
nessus
added 2024/08/06 12:0 a.m.20 views

CBL Mariner 2.0 Security Update: krb5 (CVE-2024-37370)

The version of krb5 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-37370 advisory. - In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can modify the plaintext Extra Count field of a...

7.5CVSS6.9AI score0.00748EPSS
Exploits0References2
openvas
openvas
added 2024/07/10 12:0 a.m.22 views

openSUSE: Security Advisory for krb5 (SUSE-SU-2024:2303-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.1CVSS8.5AI score0.01863EPSS
Exploits0References2
osv
osv
added 2024/07/05 10:4 a.m.15 views

SUSE-SU-2024:2307-1 Security update for krb5

This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted bsc1227186. - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields bsc1227187...

9.1CVSS8.2AI score0.01863EPSS
Exploits0References5
nessus
nessus
added 2024/07/05 12:0 a.m.22 views

SUSE SLES15: krb5 / krb5-32bit / krb5-client / krb5-devel / krb5-plugin-kdb-ldap / etc (SUSE-SU-2024:2303-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2303-1 advisory. - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted bsc1227186. -...

9.1CVSS7.2AI score0.01863EPSS
Exploits0References7
osv
osv
added 2024/07/04 2:21 p.m.14 views

SUSE-SU-2024:2302-1 Security update for krb5

This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted bsc1227186. - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields bsc1227187...

9.1CVSS8.2AI score0.01863EPSS
Exploits0References5
mageia
mageia
added 2024/07/03 4:36 p.m.44 views

Updated krb5 packages fix security vulnerabilities

Before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. CVE-2024-37370 Before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending...

9.1CVSS7.2AI score0.01863EPSS
Exploits0References1
osv
osv
added 2024/07/03 4:36 p.m.8 views

MGASA-2024-0253 Updated krb5 packages fix security vulnerabilities

Before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. CVE-2024-37370 Before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending...

9.1CVSS8.4AI score0.01863EPSS
Exploits0References2
veracode
veracode
added 2024/07/01 11:0 a.m.24 views

Plaintext Modification

libkrb5.so is vulnerable to a Plaintext Modification attack. The vulnerability is due to improper modifications in the plaintext Extra Count field of a confidential GSS krb5 wrap token, allowing an attacker to make an unwrapped token appear truncated to the application...

7.5CVSS6.5AI score0.00748EPSS
Exploits0References4Affected Software2
cve
cve
added 2024/06/28 12:0 a.m.217 views

CVE-2024-37370

Summary: CVE-2024-37370 affects MIT Kerberos 5 (krb5) before 1.21.3. An attacker can modify the plaintext Extra Count field in a confidential GSS wrap token, causing the unwrapped token to appear truncated to the application. The issue is tied to krb5’s GSS token handling and can impact confident...

7.5CVSS6.8AI score0.00748EPSS
Exploits0References4Affected Software1
alpinelinux
alpinelinux
added 2024/06/28 12:0 a.m.21 views

CVE-2024-37370

In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application...

7.5CVSS7.2AI score0.00748EPSS
Exploits0
ptsecurity
ptsecurity
added 2020/05/04 12:0 a.m.28 views

PT-2020-3071 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.6.10 Description: The issue is related to a memory leak in the Linux kernel's rpcsec gss krb5 implementation, specifically in the gss mech free function. This leak occurs when unloading a specific kernel module...

10CVSS6AI score0.78684EPSS
Exploits171References2238
redhat
redhat
added 2020/01/21 11:18 p.m.3 views

OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

4.3CVSS7.4AI score0.03085EPSS
Exploits0References4
Rows per page
Query Builder