Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
heimdal vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-29485
An issue exists in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows malicious users to bypass network filtering, execute arbitrary code, and obtain sensitive information via DarkLayer Guard threat prevention module.
Heimdalsecurity Thor
9.8
CVSSv3
CVE-2023-29486
An issue exists in Heimdal Thor agent versions 3.4.2 and prior to 3.7.0 on Windows, allows malicious users to bypass USB access restrictions, execute arbitrary code, and obtain sensitive information via Next-Gen Antivirus component.
Heimdalsecurity Thor
9.1
CVSSv3
CVE-2023-29487
An issue exists in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS, allows malicious users to cause a denial of service (DoS) via the Threat To Process Correlation threat prevention module.
Heimdalsecurity Thor
7.5
CVSSv3
CVE-2022-3116
The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.
Heimdal Project Heimdal
9.8
CVSSv3
CVE-2022-45141
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting ...
Samba Samba
7.5
CVSSv3
CVE-2022-45142
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branch...
Heimdal Project Heimdal 7.8.0
Heimdal Project Heimdal 7.7.1
6.5
CVSSv3
CVE-2022-3437
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory w...
Samba Samba
Fedoraproject Fedora 36
Fedoraproject Fedora 37
7.5
CVSSv3
CVE-2021-44758
Heimdal prior to 7.7.1 allows malicious users to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.
Heimdal Project Heimdal
8.8
CVSSv3
CVE-2022-42898
PAC parsing in MIT Kerberos 5 (aka krb5) prior to 1.19.4 and 1.20.x prior to 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and...
Mit Kerberos 5
Mit Kerberos 5 1.20
Heimdal Project Heimdal
Samba Samba
9.8
CVSSv3
CVE-2022-44640
Heimdal prior to 7.7.1 allows remote malicious users to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
Heimdal Project Heimdal
Samba Samba
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675
CVE-2024-3400
CVE-2024-23557
mass assignment
CVE-2023-1389
local file inclusion
CVE-2024-32596
file upload
CVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »