41 matches found
NewStart CGSL MAIN 7.02 : krb5 Multiple Vulnerabilities (NS-SA-2025-0147)
The remote NewStart CGSL host, running version MAIN 7.02, has krb5 packages installed that are affected by multiple vulnerabilities: - In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid leng...
TencentOS Server 2: krb5 (TSSA-2024:0381)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0381 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...
NewStart CGSL MAIN 7.02 : krb5 Multiple Vulnerabilities (NS-SA-2025-0081)
The remote NewStart CGSL host, running version MAIN 7.02, has krb5 packages installed that are affected by multiple vulnerabilities: - In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid leng...
Huawei EulerOS: Security Advisory for krb5 (EulerOS-SA-2025-1475)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP12 : krb5 (EulerOS-SA-2025-1424)
According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped...
RockyLinux 9 : mysql (RLSA-2025:1671)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:1671 advisory. openssl: SSL_select_next_proto buffer overread (CVE-2024-5535) krb5: GSS message token handling (CVE-2024-37371) curl: libcurl: ASN.1 date parser overread...
Oracle Linux 9 : krb5 (ELSA-2024-9331)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-9331 advisory. 1.21.1-3.0.1 - Fixed race condition in krb5_set_password Orabug: 33609767 1.21.1-3 - CVE-2024-37370 CVE-2024-37371 Fix vulnerabilities in GSS message tok...
Fedora 37 : krb5 (2022-a1747aca80)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-a1747aca80 advisory. Security fix for CVE-2022-42898 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Fedora 41 : krb5 (2024-36514cd080)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-36514cd080 advisory. Automatic update for krb5-1.21.2-6.fc41. Changelog Mon Jul 8 2024 Julien Rische - 1.21.2-6 - CVE-2024-37370 CVE-2024-37371: GSS message token handli...
Fedora 41 : krb5 (2024-bdc305fe55)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bdc305fe55 advisory. Automatic update for krb5-1.21.3-1.fc41. Changelog Tue Jul 9 2024 Julien Rische - 1.21.3-1 - New upstream version 1.21.3 - CVE-2024-26458: Memory le...
RHEL 9 : krb5 (RHSA-2024:9331)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9331 advisory. Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending...
EulerOS Virtualization 2.12.0 : krb5 (EulerOS-SA-2024-2770)
According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending...
EulerOS Virtualization 2.12.1 : krb5 (EulerOS-SA-2024-2752)
According to the versions of the krb5 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In MIT Kerberos 5 aka krb5 before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending...
RHSA-2011:1851 Red Hat Security Advisory: krb5 security update
Bulletin has no description...
[SECURITY] [DSA 5726-1] krb5 security update
Debian Security Advisory DSA-5726-1 https://www.debian.org/security/ Salvatore Bonaccorso July 05, 2024 https://www.debian.org/security/faq ...
SUSE-SU-2024:1148-1 Security update for krb5
This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed a memory leak in pmap_rmt.c (bsc#1220770) - CVE-2024-26461: Fixed a memory leak in k5sealv3.c (bsc#1220771)...
SUSE-SU-2024:1006-1 Security update for krb5
This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771)...
Security Bulletin: IBM Security Network Intrusion Prevention System is affected by krb5 vulnerabilities (CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423)
Summary Security vulnerabilities have been discovered in krb5 used with IBM Security Intrusion Prevention System. Vulnerability Details CVEID: CVE-2014-5352 DESCRIPTION: MIT krb5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a double-free error in...
Security Bulletin: IBM Security Network Intrusion Prevention System is affected by krb5 vulnerabilities (CVE-2014-4341, CVE-2013-1418)
Summary Security vulnerabilities have been discovered in krb5 used with IBM Security Intrusion Prevention System. Vulnerability Details CVEID: CVE-2014-4341 DESCRIPTION: MIT Kerberos is vulnerable to a denial of service, caused by a NULL pointer dereference. By injecting invalid tokens into a...
Security Bulletin: IBM MQ Appliance is affected by krb5 vulnerabilities (CVE-2018-5730 and CVE-2018-5729)
Summary IBM MQ Appliance has addressed the following krb5 vulnerabilities. Vulnerability Details CVEID: CVE-2018-5730 DESCRIPTION: MIT krb5 could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the LDAP Kerberos database. By sending a specially-crafted...