Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kerberos vulnerabilities and exploits
(subscribe to this query)
9.9
CVSSv3
CVE-2018-20091
An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 up to and including 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CD...
Cloudera Data Science Workbench
9.8
CVSSv3
CVE-2023-3326
pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 ...
Freebsd Freebsd 12.4
Freebsd Freebsd 13.1
Freebsd Freebsd
Freebsd Freebsd 13.2
9.8
CVSSv3
CVE-2022-45141
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting ...
Samba Samba
9.8
CVSSv3
CVE-2022-44640
Heimdal prior to 7.7.1 allows remote malicious users to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
Heimdal Project Heimdal
Samba Samba
9.8
CVSSv3
CVE-2021-40874
An issue exists in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer plug-in to operate a REST password validation service (for another LemonLDAP::NG instance, for example) and using the Kerberos authentication method combined with another method with the Combina...
Lemonldap-ng Lemonldap\\ \\
Debian Debian Linux 10.0
9.8
CVSSv3
CVE-2022-33139
A vulnerability has been identified in Cerberus DMS (All versions), Desigo CC (All versions), Desigo CC Compact (All versions), SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3....
Siemens Desigo Cc
Siemens Wincc Open Architecture 3.16
Siemens Wincc Open Architecture 3.17
Siemens Wincc Open Architecture 3.18
Siemens Desigo Cc Compact
Siemens Cerberus Dms
9.8
CVSSv3
CVE-2021-23008
On version 15.1.x prior to 15.1.3, 14.1.x prior to 14.1.4, 13.1.x prior to 13.1.4, 12.1.x prior to 12.1.6, and all versions of 16.0.x and 11.6.x., BIG-IP APM AD (Active Directory) authentication can be bypassed via a spoofed AS-REP (Kerberos Authentication Service Response) respo...
9.8
CVSSv3
CVE-2021-25216
In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if th...
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Isc Bind 9.11.7
Isc Bind 9.11.3
Isc Bind 9.11.6
Isc Bind 9.10.5
Isc Bind 9.11.5
Isc Bind 9.9.3
Isc Bind 9.10.7
Isc Bind 9.11.12
Isc Bind
Isc Bind 9.9.12
Isc Bind 9.9.13
Isc Bind 9.11.8
Isc Bind 9.11.21
Isc Bind 9.11.27
Isc Bind 9.11.29
Isc Bind 9.16.8
Isc Bind 9.16.11
Isc Bind 9.16.13
Siemens Sinec Infrastructure Network Services
Netapp Cloud Backup -
1 Github repository
1 Article
9.8
CVSSv3
CVE-2020-3125
A vulnerability in the Kerberos authentication feature of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote malicious user to impersonate the Kerberos key distribution center (KDC) and bypass authentication on an affected device that is confi...
Cisco Asa 5505 Firmware 9.10\\(1.220\\)
Cisco Asa 5510 Firmware 9.10\\(1.220\\)
Cisco Asa 5512-x Firmware 9.10\\(1.220\\)
Cisco Asa 5515-x Firmware 9.10\\(1.220\\)
Cisco Asa 5520 Firmware 9.10\\(1.220\\)
Cisco Asa 5525-x Firmware 9.10\\(1.220\\)
Cisco Asa 5540 Firmware 9.10\\(1.220\\)
Cisco Asa 5545-x Firmware 9.10\\(1.220\\)
Cisco Asa 5550 Firmware 9.10\\(1.220\\)
Cisco Asa 5555-x Firmware 9.10\\(1.220\\)
Cisco Asa 5580 Firmware 9.10\\(1.220\\)
Cisco Asa 5585-x Firmware 9.10\\(1.220\\)
Cisco Adaptive Security Appliance Software
1 Article
9.8
CVSSv3
CVE-2020-10595
pam-krb5 prior to 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to...
Pam-krb5 Project Pam-krb5
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »