14 matches found
CVE-2026-35337
Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...
CVE-2026-35337 Apache Storm Client: RCE through Unsafe Deserialization via Kerberos TGT Credential Handling
Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...
EUVD-2010-3997
Malware in sbrugna...
SUSE CVE-2010-4021
The Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."...
FreeBSD Ports: krb5
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD Ports: krb5
The remote host is missing an update to the system as announced in the referenced advisory. VID 4ccbd40d-03f7-11e0-bf50-001a926c7637 OpenVAS Vulnerability Test $ Description: Auto generated from VID 4ccbd40d-03f7-11e0-bf50-001a926c7637 Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...
Ubuntu Update for krb5 vulnerabilities USN-1030-1
Ubuntu Update for Linux kernel vulnerabilities USN-1030-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10301.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for krb5 vulnerabilities USN-1030-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
Ubuntu: Security Advisory (USN-1030-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : krb5 vulnerabilities (USN-1030-1)
It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to alter the prompt message, modify a response to a Key Distribution Center KDC or forge a KRB-SAFE message. CVE-2010-1323 It was discovered that Kerber...
CVE-2010-4021
The Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."...
CVE-2010-4021
The Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."...
Design/Logic Flaw
The Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."...
CVE-2010-4021
The Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."...
CVE-2010-4021
The Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."...