Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mit kerberos vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-44640
Heimdal prior to 7.7.1 allows remote malicious users to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).
Heimdal Project Heimdal
Samba Samba
9.8
CVSSv3
CVE-2021-25216
In BIND 9.5.0 -> 9.11.29, 9.12.0 -> 9.16.13, and versions BIND 9.11.3-S1 -> 9.11.29-S1 and 9.16.8-S1 -> 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.1 of the BIND 9.17 development branch, BIND servers are vulnerable if th...
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Isc Bind 9.11.7
Isc Bind 9.11.3
Isc Bind 9.11.6
Isc Bind 9.10.5
Isc Bind 9.11.5
Isc Bind 9.9.3
Isc Bind 9.10.7
Isc Bind 9.11.12
Isc Bind 9.11.8
Isc Bind 9.9.12
Isc Bind 9.9.13
Isc Bind 9.11.21
Isc Bind 9.16.8
Isc Bind 9.16.11
Isc Bind 9.11.27
Isc Bind 9.16.13
Isc Bind 9.11.29
Isc Bind
Siemens Sinec Infrastructure Network Services
Netapp Cloud Backup -
1 Github repository
1 Article
9.8
CVSSv3
CVE-2020-10595
pam-krb5 prior to 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library. It may overflow a buffer provided by the underlying Kerberos library by a single '\0' byte if an attacker responds to...
Pam-krb5 Project Pam-krb5
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
9.8
CVSSv3
CVE-2017-15088
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) up to and including 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote malicious users to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in ...
Mit Kerberos 5
9.8
CVSSv3
CVE-2017-11462
Double free vulnerability in MIT Kerberos 5 (aka krb5) allows malicious users to have unspecified impact via vectors involving automatic deletion of security contexts on error.
Mit Kerberos 5 1.14
Mit Kerberos 5 1.14.1
Mit Kerberos 5 1.14.2
Mit Kerberos 5 1.14.3
Mit Kerberos 5 1.14.4
Mit Kerberos 5 1.14.5
Mit Kerberos 5 1.15
Mit Kerberos 5 1.15.1
Fedoraproject Fedora 26
Fedoraproject Fedora 25
9.8
CVSSv3
CVE-2008-0062
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
Mit Kerberos 5
Debian Debian Linux 3.1
Debian Debian Linux 4.0
Canonical Ubuntu Linux 7.04
Canonical Ubuntu Linux 7.10
Canonical Ubuntu Linux 6.10
Canonical Ubuntu Linux 6.06
Fedoraproject Fedora 8
Fedoraproject Fedora 7
9.8
CVSSv3
CVE-2005-1689
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and previous versions allows remote malicious users to execute arbitrary code via certain error conditions.
Mit Kerberos 5
Apple Mac Os X Server
Apple Mac Os X
Debian Debian Linux 3.1
Debian Debian Linux 3.0
9.8
CVSSv3
CVE-2004-0772
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and previous versions may allow remote malicious users to execute arbitrary code.
Mit Kerberos 5
Openpkg Openpkg 2.0
Openpkg Openpkg 2.1
Debian Debian Linux 3.0
8.8
CVSSv3
CVE-2023-39975
kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 prior to 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.
Mit Kerberos 5
8.8
CVSSv3
CVE-2022-42898
PAC parsing in MIT Kerberos 5 (aka krb5) prior to 1.19.4 and 1.20.x prior to 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and...
Mit Kerberos 5
Mit Kerberos 5 1.20
Heimdal Project Heimdal
Samba Samba
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »