10 matches found
Security Bulletin: IBM Cloud Pak for Data System 1.0 is affected by multiple vulnerabilities
Summary: IBM Cloud Pak for Data System 1.0 (CPDS 1.0) includes multiple third-party components that are affected by various security vulnerabilities. These vulnerabilities include integer overflow issues in GLib leading to heap corruption and denial of service, a write-what-where condition in the...
CVE-2026-40356
In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process t...
NewStart CGSL MAIN 6.06 : krb5 Multiple Vulnerabilities (NS-SA-2025-0215)
The remote NewStart CGSL host, running version MAIN 6.06, has krb5 packages installed that are affected by multiple vulnerabilities:
- plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to...
DEBIAN-CVE-2024-37370
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application...
SUSE CVE-2007-5971
Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors...
MIT Kerberos 5 S4U2Self or S4U2Proxy Request Denial of Service Vulnerability
MIT Kerberos 5 is a set of network authentication protocols that uses a client/server structure in which the client and the server can authenticate each other, preventing eavesdropping, replay attacks and so on. MIT Kerberos 5 has a security vulnerability in handling invalid S4U2Se...
krb5: KDC crash when using LDAP backend caused by a special principal name (MITKRB5-SA-2011-002)
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name...
DEBIAN-CVE-2010-4021
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."...
PT-2010-1096 · Mit +1 · Mit-Krb5 +2
Name of the Vulnerable Software and Affected Versions: MIT Kerberos 5 versions 1.5 through 1.6.3; mit-krb5 versions prior to 1.9.2-r1. Description: The issue concerns multiple vulnerabilities in the mit-krb5 package that can be exploited remotely, potentially leading to breaches of confidentiality,...
security flaw
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions...