28 matches found
EUVD-2024-36619
Malicious code in bioql PyPI...
Azure Linux 3.0 Security Update: krb5 (CVE-2024-37371)
The version of krb5 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-37371 advisory. - In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token...
Wasm3 安全漏洞
Wasm3 is a fast WebAssembly interpreter and the most versatile WASM runtime from the Wasm3 open source. A security vulnerability exists in Wasm3 version 139076a, which stems from an invalid memory read attack that results in a denial of service and potentially code execution...
EulerOS Virtualization 2.12.1 : krb5 (EulerOS-SA-2024-2752)
According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending...
EulerOS 2.0 SP12 : krb5 (EulerOS-SA-2024-2506)
According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens wit...
EulerOS 2.0 SP9 : krb5 (EulerOS-SA-2024-2370)
According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the...
EulerOS 2.0 SP9 : krb5 (EulerOS-SA-2024-2395)
According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the...
CBL Mariner 2.0 Security Update: krb5 (CVE-2024-37371)
The version of krb5 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-37371 advisory. - In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token...
Amazon Linux 2 : krb5 (ALAS-2024-2595)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2595 advisory. krb5: GSS message token handling CVE-2024-37370 In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens wi...
OESA-2024-1825 krb5 security update
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Security Fixes: In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS kr...
Updated krb5 packages fix security vulnerabilities
Before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application. CVE-2024-37370 Before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending...
Denial Of Service (DoS)
MIT Kerberos 5 is vulnerable to Denial Of Service DoS. The vulnerability is due to insufficient validation of length fields in message tokens, allowing an attacker to cause invalid memory reads by sending tokens with invalid length values...
CVE-2024-37371
In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...
AZL-42996 CVE-2024-37371 affecting package krb5 for versions less than 1.21.3-1
In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...
DEBIAN-CVE-2024-37371
In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...
CVE-2024-37371
In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...
CVE-2024-37371
In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields...
PT-2024-6097
Name of the Vulnerable Software and Affected Versions: MIT Kerberos 5 versions prior to 1.21.3 Description: The issue is related to the handling of GSS message tokens in the Kerberos authentication protocol. An attacker can cause invalid memory reads by sending message tokens with invalid length...
openSUSE Security Update : GraphicsMagick (openSUSE-2019-486)
This update for GraphicsMagick fixes the following issues : The following security fixes were fixed : - CVE-2018-10805: Fixed a memory leak in ReadYCBCRImage in coders/ycbcr.c and rgb.c, cmyk.c and gray.c boo1095812 - Fixed invalid memory reads in dcm.c boo1075821c14 %NASLMINLEVEL 70300 C Tenable...
Debian: Security Advisory (DLA-1631-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...