Lucene search
+L

8 matches found

OSV
OSV
added 2026/05/09 12:33 p.m.11 views

OESA-2026-2257 krb5 security update

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Security Fixes: In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext...

7.5CVSS5.8AI score0.00507EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-40356

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system...

7.5CVSS5.9AI score0.00501EPSS
Exploits1References3
NVD
NVD
added 2026/04/28 6:16 a.m.7 views

CVE-2026-40355

In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parsenegomessage...

7.5CVSS0.00507EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/04/28 12:0 a.m.15 views

CVE-2026-40356

In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process t...

5.9CVSS5.5AI score0.00501EPSS
Exploits1References4Affected Software1
RedHat Linux
RedHat Linux
added 2024/08/08 4:53 a.m.8 views

kernel: SUNRPC: fix a memleak in gss_import_v2_context

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix a memleak in gssimportv2context The ctx-mechused.data allocated by kmemdup is not freed in neither gssimportv2context nor it only caller gsskrb5importseccontext, which frees ctx on error. Thus, this patch reform the...

5.5CVSS6.8AI score0.00275EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 5:20 a.m.1 views

SUSE CVE-2015-2698

The iakerbgssexportseccontext function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 aka krb5 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service memory corruption or possibly have unspecified other impact by...

8.5CVSS7.3AI score0.02891EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2023/02/14 5:35 p.m.27 views

CVE-2023-25564

GSS-NTLMSSP is a mechglue plugin for the GSSAPI library that implements NTLM authentication. Prior to version 1.2.0, memory corruption can be triggered when decoding UTF16 strings. The variable outlen was not initialized and could cause writing a zero to an arbitrary place in memory if...

8.2CVSS7.9AI score0.01942EPSS
Exploits0
CNNVD
CNNVD
added 2023/02/14 12:0 a.m.4 views

GSS-NTLMSSP 安全漏洞

GSS-NTLMSSP is gssapi open source mechglue plugin that implements NTLM authentication GSSAPI library . GSS-NTLMSSP 1.2.0 before the version of a security vulnerability , the vulnerability stems from the decoding of the target information when the wrong release will trigger a denial of service , a...

7.5CVSS7.2AI score0.01103EPSS
Exploits0References5
Rows per page
Query Builder