21 matches found

SUSE CVE
added 2026/04/25 1:37 a.m. · 3 views

SUSE CVE-2026-31637

In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether crypto_skcipher_decrypt() succeeded. A malformed RESPONSE can...

CVSS 9.8 · AI score 5.7 · EPSS 0.00096
Exploits: 0 · References: 3

OSV
added 2026/04/24 3:16 p.m. · 1 view

DEBIAN-CVE-2026-31637

In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether crypto_skcipher_decrypt() succeeded. A malformed RESPONSE can...

CVSS 9.8 · AI score 5.5 · EPSS 0.00096
Exploits: 0 · References: 1

NVD
added 2026/04/24 3:16 p.m. · 3 views

CVE-2026-31637

In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether crypto_skcipher_decrypt() succeeded. A malformed RESPONSE can...

CVSS 9.8 · EPSS 0.00096
Exploits: 0 · References: 8

EUVD
added 2026/04/24 2:44 p.m. · 2 views

EUVD-2026-25530

In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether crypto_skcipher_decrypt() succeeded. A malformed RESPONSE can...

AI score 5.6 · EPSS 0.00096
Exploits: 0 · References: 5

ATTACKERKB
added 2026/04/24 2:44 p.m. · 1 view

CVE-2026-31637

In the Linux kernel, the following vulnerability has been resolved: rxrpc: reject undecryptable rxkad response tickets rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without checking whether crypto_skcipher_decrypt() succeeded. A malformed RESPONSE can...

AI score 5.6 · EPSS 0.00096
Exploits: 0 · References: 6 · Affected Software: 1

CVE
added 2026/04/24 2:44 p.m. · 5 views

CVE-2026-31637

The CVE-2026-31637 vulnerability lies in the Linux kernel rxrpc subsystem. Specifically, rxkad_decrypt_ticket() decrypts the RXKAD response ticket and then parses the buffer as plaintext without confirming that crypto_skcipher_decrypt() succeeded. A malformed RXKAD response could use a non-block-...

CVSS 9.8 · AI score 5.6 · EPSS 0.00096
Exploits: 0 · References: 8 · Affected Software: 1

Positive Technologies
added 2026/04/24 12:00 a.m. · 4 views

PT-2026-34989

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The rxkad decrypt ticket function decrypts the RXKAD response ticket but parses the buffer as plaintext without verifying if the crypto skcipher decrypt operation was successful. A...

CVSS 9.8 · AI score 5.9 · EPSS 0.00096
Exploits: 0 · References: 20

Tenable Nessus
added 2026/01/22 12:00 a.m. · 3 views

Azure Linux 3.0 Security Update: samba (CVE-2022-2031)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-2031 advisory. - A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single...

CVSS 8.8 · AI score 7.4 · EPSS 0.00351
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/30 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-2031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt...

CVSS 8.8 · AI score 7.2 · EPSS 0.00351
Exploits: 0 · References: 2

Positive Technologies
added 2024/06/10 12:00 a.m. · 3 views

PT-2024-5802

Name of the Vulnerable Software and Affected Versions: FreeIPA versions prior to 4.12.2 Description: A vulnerability was found in FreeIPA where a Kerberos TGS-REQ is encrypted using the client's session key. However, the ticket it contains is encrypted using the target principal key directly. For...

CVSS 8.8 · AI score 7.4 · EPSS 0.21232
Exploits: 2 · References: 54

SUSE CVE
added 2023/02/15 3:33 a.m. · 1 view

SUSE CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

CVSS 8.8 · AI score 6.6 · EPSS 0.00351
Exploits: 0 · References: 27

OSV
added 2022/08/25 6:15 p.m. · 1 view

DEBIAN-CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

CVSS 8.8 · AI score 6.5 · EPSS 0.00351
Exploits: 0 · References: 1

ATTACKERKB
added 2022/08/25 6:15 p.m. · 2 views

CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

CVSS 8.8 · AI score 5.7 · EPSS 0.00351
Exploits: 0 · References: 3

OSV
added 2022/08/25 6:15 p.m. · 1 view

AZL-10735 CVE-2022-2031 affecting package samba 4.12.5-7

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

CVSS 8.8 · AI score 6.6 · EPSS 0.00351
Exploits: 0 · References: 1

Prion
added 2022/08/25 6:15 p.m. · 17 views

Code injection

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

CVSS 6.5 · AI score 8.2 · EPSS 0.00351
Exploits: 0 · References: 2 · Affected Software: 1

Debian CVE
added 2022/08/25 12:00 a.m. · 32 views

CVE-2022-2031

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other...

CVSS 8.8 · AI score 7.1 · EPSS 0.00351
Exploits: 0

CVE
added 2022/08/25 12:00 a.m. · 356 views

CVE-2022-2031

CVE-2022-2031 affects Samba. A flaw occurs when KDC and kpasswd service share a single account and keys, allowing a password-change-initiated user to decrypt tickets and obtain/use tickets to other services. Impact is high per linked advisories; multiple vendors note updates/patches exist (e.g., ...

CVSS 8.8 · AI score 8.3 · EPSS 0.00351
Exploits: 0 · References: 2 · Affected Software: 1

Tenable Nessus
added 2022/07/27 12:00 a.m. · 53 views

Slackware Linux 15.0 / current samba Multiple Vulnerabilities (SSA:2022-208-01)

The version of samba installed on the remote host is prior to 4.15.9 / 4.16.4. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-208-01 advisory. - A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or...

CVSS 8.8 · AI score 6.6 · EPSS 0.00574
Exploits: 0 · References: 5

Positive Technologies
added 2022/07/27 12:00 a.m. · 4 views

PT-2022-4426 · Samba +6

Name of the Vulnerable Software and Affected Versions: Samba affected versions not specified Description: A flaw in Samba occurs when the KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. This issue is related to the authentication...

CVSS 9.8 · AI score 7 · EPSS 0.94006
Exploits: 15 · References: 193

CVE
added 2015/08/22 6:00 p.m. · 53 views

CVE-2015-4537

EMC Documentum D2 vulnerability CVE-2015-4537 affects the Lockbox component. If the server lacks the D2.Lockbox file, D2 uses a hardcoded passphrase to encrypt admin tickets, enabling an attacker who can decompile D2 JARs to recover the passphrase and decrypt tickets. Affected products include EM...

CVSS 3.5 · AI score 6.4 · EPSS 0.00176
Exploits: 0 · References: 2 · Affected Software: 1