Linux Distros Unpatched Vulnerability : CVE-2026-11850

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an...

CVE-2026-11850 Krb5: krb5: integer underflow in berval2tl_data() leads to heap out-of-bounds read

An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...

CVE-2026-11850

CVE-2026-11850 affects MIT Kerberos 5; the vulnerability is an integer underflow in berval2tl_data() inside ldap_principal2.c, where unsigned bv_len - 2 lacks bounds checking. When bv_len is 0 or 1, the subtraction underflows to 0xFFFE/0xFFFF and is then memcpy’d from a 0–1 byte buffer, causing a...

In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.

...

CVE-2025-24528

In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the resize function in kdblog.c when processing a large update size during incremental propagation. An attacker can cause an out-of-bounds write and crash the kadmind daemon by sending specially crafte...

CVE-2025-24528

In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...

CVE-2025-24528

CVE-2025-24528 affects MIT Kerberos 5 (krb5) up to but not including 1.22; the issue is an integer overflow in kdb_log.c during a large update resize, which can cause an out-of-bounds write and crash the kadmind daemon after authentication. Public references consistently describe the vulnerabilit...

CVE-2025-24528

In MIT Kerberos 5 aka krb5 before 1.22 with incremental propagation, there is an integer overflow for a large update size to resize in kdblog.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash...

MiracleLinux 3 : krb5-1.6.1-80.AXS3 (AXSA:2014-537:02)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-537:02 advisory. Description : Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practi...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990229)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990229 advisory. In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion...

EUVD-2016-4172

Malware in sbrugna...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986567)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986567 advisory. In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion...

Linux Distros Unpatched Vulnerability : CVE-2024-39480

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kdb: Fix buffer overflow during tab-complete Currently, when the user attempts symbol completion with the Tab key, kdb will use strncpy to insert the completed...

Linux Distros Unpatched Vulnerability : CVE-2022-21499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger...

Linux Distros Unpatched Vulnerability : CVE-2016-3119

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The processdbargs function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 aka krb5 through 1.13.4 and 1.14....

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: kdb: Buffer overflow issue during tab-complete has been fixed. Currently, when a user attempts symbol completion using the Tab key, kdb uses strncpy to insert the completed symbol into the command buffer. Unfortunately, it passes...

Unbreakable Enterprise kernel-container security update

5.4.17-2136.335.4.el8 - mm: memcg/slab: enable kmalloc-cg- caches for x8664. Imran Khan Orabug: 36951041 - printk: add kthread for long-running print Stephen Brennan Orabug: 36456582 - kdb: Use the passed prompt in kdbpositioncursor Douglas Anderson - driver core: Fix ueventshow vs driver detach...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2024-12611)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12611 advisory. - MIPS: Octeon: Add PCIe link status check Dave Kleikamp Orabug: 36952386 CVE-2024-40968 - net: relax socket state check at accept time. Paolo Abeni...

Amazon Linux 2 : kernel (ALAS-2024-2613)

The version of kernel installed on the remote host is prior to 4.14.349-266.564. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2613 advisory. In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlanroutev6outbound helper...