97 matches found
The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Kerberos protocol for Windows operating systems is related to errors in the mechanism for handling relative pathnames to the directory. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
CVE-2026-60109 Zeek < 8.0.9 Null Pointer Dereference DoS via Kerberos KRB_ERROR Parsing
Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending a crafted KRBERROR message with error-code 25 KDCERRPREAUTHREQUIRED containing a PA-DATA element with padata-type 2, 3,...
EUVD-2026-42598
Zeek before 8.0.9 contains a null pointer dereference vulnerability in its Kerberos protocol analyzer that allows unauthenticated remote attackers to crash the sensor by sending a crafted KRBERROR message with error-code 25 KDCERRPREAUTHREQUIRED containing a PA-DATA element with padata-type 2, 3,...
CVE-2026-55957
Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...
MIT Kerberos 数字错误漏洞
MIT krb5 is a network authentication protocol developed by the Massachusetts Institute of Technology in the United States. It operates on a client/server architecture, and both the client and server can perform identity authentication i.e., double verification, which helps prevent eavesdropping a...
CVE-2026-40356
In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process t...
Exploit for Improper Input Validation in Microsoft
🚨 CVE-2026-33826: Windows Active Directory Remote Code Executi...
CVE-2019-12175
In Zeek Network Security Monitor formerly known as Bro before 2.6.2, a NULL pointer dereference in the Kerberos aka KRB protocol parser leads to DoS because a case-type index is mishandled...
EUVD-2018-8607
Malware in sbrugna...
EUVD-2017-2740
Malware in sbrugna...
EUVD-2003-0135
Malware in sbrugna...
EUVD-2003-0134
Malware in sbrugna...
EUVD-2019-3824
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-12175
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Zeek Network Security Monitor formerly known as Bro before 2.6.2, a NULL pointer dereference in the Kerberos aka KRB protocol parser leads to DoS because a...
Krb5: kerberos rc4-hmac-md5 checksum vulnerability enabling message spoofing via md5 collisions
...
krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This ma...
RHEL 9 : krb5 (RHSA-2025:13664)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13664 advisory. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending password...
CLSA-2025-1751895517 krb5: Fix of CVE-2025-3576
CVE-2025-3576: possible spoofing of GSSAPI-protected messages using RC4-HMAC-MD5...
The vulnerability of the “Termide Virtual Desktops Connection Manager” software server, related to an authentication error, allows unauthorized access to user domain accounts.
The vulnerability of the “Termide Virtual Desktops Connection Manager” software server is related to an authentication error based on the Kerberos protocol. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to user account credentials...
The vulnerability of the Kerberos authentication network protocol for Windows operating systems allows attackers to increase their privileges.
The vulnerability of the Kerberos authentication protocol for Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to enhance their privileges remotely...