CVE-2025-54895 SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Elevation of Privilege Vulnerability

...

SUSE CVE-2015-2695

lib/gssapi/spnego/spnegomech.c in MIT Kerberos 5 aka krb5 before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service incorrect pointer read and process crash via a crafted SPNEGO packet that is mishandled during a gssinquirecontext call...

SUSE CVE-2021-25216

In BIND 9.5.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.11.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if they are running an affected version an...

ALPINE-CVE-2021-44758

Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferredmechtype of GSSCNOOID and a nonzero initialresponse value to sendaccept...

CVE-2022-37958

SPNEGO Extended Negotiation NEGOEX Security Mechanism Remote Code Execution Vulnerability...

spnego-http-auth-nginx-module 授权问题漏洞

Sean Timothy Noonan spnego-http-auth-nginx-module is a Sean Timothy Noonan open source application. It provides a way to add SPNEGO support to nginx functionality. A security vulnerability exists in SPNEGO HTTP Authentication Module for nginx, which stems from the fact that basic authentication c...

bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation

A buffer overflow flaw was found in the SPNEGO implementation used by BIND. This flaw allows a remote attacker to cause the named process to crash or possibly perform remote code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation

A buffer overflow flaw was found in the SPNEGO implementation used by BIND. This flaw allows a remote attacker to cause the named process to crash or possibly perform remote code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation

A buffer overflow flaw was found in the SPNEGO implementation used by BIND. This flaw allows a remote attacker to cause the named process to crash or possibly perform remote code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

DEBIAN-CVE-2009-0844

The getinputtoken function in the SPNEGO implementation in MIT Kerberos 5 aka krb5 1.5 through 1.6.3 allows remote attackers to cause a denial of service daemon crash and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read...

[Full-Disclosure] NSFOCUS SA2004-01 : DoS Vulnerability in Microsoft Windows SPNEGO Protocol Decoding

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Topic: DoS Vulnerability in Microsoft Windows SPNEGO Protocol Decoding Release Date: 2004-04-14 CVE CAN ID: CAN-2004-0119 http://www.nsfocus.com/english/homepage/research/0401.htm Affected Software and Systems: =================== - - Microsoft Window...