18 matches found
EUVD-2006-5972
Malware in sbrugna...
EUVD-2005-1983
Malware in sbrugna...
Advisory ROSA-SA-2025-2889
Software: krb5 1.18.2 OS: ROSA Virtualization 3.0 package_evr_string: krb5-1.18.2-32.0.1.rv30 CVE-ID: CVE-2025-3576 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the MIT Kerberos implementation allows an attacker to spoof messages protected by GSSAPI using RC4-HMAC-MD5 due to...
CVE-2025-3576 Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This ma...
SUSE: Security Advisory (SUSE-SU-2020:3377-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2020:3375-1)
The remote host is missing an update for the...
EulerOS Virtualization 3.0.6.6 : krb5 (EulerOS-SA-2021-1487)
According to the version of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability: - MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message becaus...
OPENSUSE-SU-2020:2062-1 Security update for krb5
This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). This update was imported from the SUSE:SLE-15-SP1:Update update project...
Security update for krb5 (moderate)
openSUSE Security Update: Security update for krb5 Announcement ID: openSUSE-SU-2020:2062-1 Rating: moderate References: 1178512 Cross-References: CVE-2020-28196 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for krb5 fixes...
OPENSUSE-SU-2020:2037-1 Security update for krb5
This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). This update was imported from the SUSE:SLE-15-SP1:Update update project...
Security update for krb5 (moderate)
openSUSE Security Update: Security update for krb5 Announcement ID: openSUSE-SU-2020:2037-1 Rating: moderate References: 1178512 Cross-References: CVE-2020-28196 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for krb5 fixes...
SUSE-SU-2020:3379-1 Security update for krb5
This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512)...
CVE-2020-28196
MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit...
security flaw
Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array...
CVE-2006-5989
Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array...
CVE-2006-5989
Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array...
CVE-2006-5989
Removed by vendor...
CVE-2006-5989
Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array...