
10 matches found

IBM Security Bulletins
added 2026/06/10 7:46 a.m., 10 views

Security Bulletin: IBM Cloud Pak for Data System 1.0 is affected by multiple vulnerabilities

Summary: IBM Cloud Pak for Data System 1.0 (CPDS 1.0) includes multiple third-party components that are affected by various security vulnerabilities. These vulnerabilities include integer overflow issues in GLib leading to heap corruption and denial of service, a write-what-where condition in the...

9.8 CVSS | 7.4 AI score | 0.93235 EPSS
Exploits: 32 | Affected Software: 1
ATTACKERKB
added 2026/04/28 12:0 a.m., 9 views

CVE-2026-40356

In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process t...

5.9 CVSS | 5.5 AI score | 0.0046 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Tenable Nessus
added 2025/09/30 12:0 a.m., 7 views

NewStart CGSL MAIN 6.06 : krb5 Multiple Vulnerabilities (NS-SA-2025-0215)

The remote NewStart CGSL host, running version MAIN 6.06, has krb5 packages installed that are affected by multiple vulnerabilities: - plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to...

10 CVSS | 7.4 AI score | 0.40345 EPSS
Exploits: 17 | References: 147
OSV
added 2024/06/28 10:15 p.m., 2 views

DEBIAN-CVE-2024-37370

In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, causing the unwrapped token to appear truncated to the application...

7.5 CVSS | 7.1 AI score | 0.00748 EPSS
Exploits: 0 | References: 1
SUSE CVE
added 2023/02/15 6:10 a.m., 1 views

SUSE CVE-2007-5971

Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors...

6.9 CVSS | 7 AI score | 0.0037 EPSS
Exploits: 0 | References: 5
CNVD
added 2017/08/10 12:0 a.m., 2 views

MIT Kerberos 5 S4U2Self or S4U2Proxy Request Denial of Service Vulnerability

MIT Kerberos 5 is a set of network authentication protocols, which uses a client/server structure, and both the client and server side can authenticate each other, preventing eavesdropping, preventing replay attacks and so on. MIT Kerberos 5 has a security vulnerability in handling invalid S4U2Se...

6.5 CVSS | 6.9 AI score | 0.02397 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2011/02/08 9:39 p.m., 4 views

krb5: KDC crash when using LDAP backend caused by a special principal name (MITKRB5-SA-2011-002)

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name...

5 CVSS | 6.7 AI score | 0.03475 EPSS
Exploits: 0 | References: 4
OSV
added 2010/12/02 4:22 p.m., 1 views

DEBIAN-CVE-2010-4021

The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."...

2.1 CVSS | 6.4 AI score | 0.02089 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2010/04/06 12:0 a.m., 3 views

PT-2010-1096 · Mit +1 · Mit-Krb5 +2

Name of the Vulnerable Software and Affected Versions: MIT Kerberos 5 versions 1.5 through 1.6.3; mit-krb5 versions prior to 1.9.2-r1. Description: The issue concerns multiple vulnerabilities in the mit-krb5 package that can be exploited remotely, potentially leading to breaches of confidentiality,...

10 CVSS | 5.6 AI score | 0.05469 EPSS
Exploits: 1 | References: 26
RedHat Linux
added 2005/07/12 6:15 p.m., 6 views

security flaw

Double free vulnerability in the krb5_recv_auth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions...

9.8 CVSS | 7.8 AI score | 0.11012 EPSS
Exploits: 0 | References: 4