17 matches found
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004272)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004272 advisory. gssmechfree in net/sunrpc/authgss/gssmechswitch.c in the rpcsecgsskrb5 implementation in the Linux kernel through 5.6.10 lacks certain domainrelease calls, leading t...
EUVD-2024-36618
Malicious code in bioql PyPI...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.6 is vulnerable to multiple Operator package issues
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v4.8.6 is vulnerable to multiple Operator package issues. We have performed updates to the Operators used by our Speech Services. The following vulnerabilities have been addressed in this update. Please read the details for...
EulerOS 2.0 SP12 : krb5 (EulerOS-SA-2024-2506)
According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens wit...
ROS-20240911-04
A vulnerability in the Kerberos network authentication protocol is associated with modification of the Extra Count open field of the confidential GSS krb5 shell token. Exploitation of the vulnerability allows an attacker acting remotely to affect the integrity and operation of the system. remotel...
CBL Mariner 2.0 Security Update: krb5 (CVE-2024-37370)
The version of krb5 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-37370 advisory. - In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can modify the plaintext Extra Count field of a...
openSUSE: Security Advisory for krb5 (SUSE-SU-2024:2303-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2024:2307-1 Security update for krb5
This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted bsc1227186. - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields bsc1227187...
SUSE SLES15: krb5 / krb5-32bit / krb5-client / krb5-devel / krb5-plugin-kdb-ldap / etc (SUSE-SU-2024:2303-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2303-1 advisory. - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted bsc1227186. -...
SUSE-SU-2024:2302-1 Security update for krb5
This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted bsc1227186. - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields bsc1227187...
Updated krb5 packages fix security vulnerabilities
Before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. CVE-2024-37370 Before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending...
MGASA-2024-0253 Updated krb5 packages fix security vulnerabilities
Before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. CVE-2024-37370 Before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending...
Plaintext Modification
libkrb5.so is vulnerable to a Plaintext Modification attack. The vulnerability is due to improper modifications in the plaintext Extra Count field of a confidential GSS krb5 wrap token, allowing an attacker to make an unwrapped token appear truncated to the application...
CVE-2024-37370
Summary: CVE-2024-37370 affects MIT Kerberos 5 (krb5) before 1.21.3. An attacker can modify the plaintext Extra Count field in a confidential GSS wrap token, causing the unwrapped token to appear truncated to the application. The issue is tied to krb5’s GSS token handling and can impact confident...
CVE-2024-37370
In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application...
PT-2020-3071 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.6.10 Description: The issue is related to a memory leak in the Linux kernel's rpcsec gss krb5 implementation, specifically in the gss mech free function. This leak occurs when unloading a specific kernel module...
OpenJDK: Improper checks of SASL message properties in GssKrb5Base (Security, 8226352)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Security. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...