Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kerberos vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2001-0034
KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges.
Kth Kth Kerberos
1 EDB exploit
5
CVSSv2
CVE-2006-6144
The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 up to and including 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote malicious users to cause a denial of service (crash) via...
Mit Kerberos 5
9.3
CVSSv2
CVE-2007-5894
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under ...
Mit Kerberos 5 -
10
CVSSv2
CVE-2007-5902
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote malicious users to have an unknown impact via a large length value for a GSS client name in an RPC request.
Mit Kerberos 5 -
7.5
CVSSv2
CVE-2017-15088
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) up to and including 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote malicious users to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in ...
Mit Kerberos 5
7.5
CVSSv2
CVE-2003-0138
Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an malicious user to impersonate any principal in a realm via a chosen-plaintext attack.
Mit Kerberos 4
7.5
CVSSv2
CVE-2003-0139
Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an malicious user to create krb4 tickets for unauthorized principals using a cut-and-paste attack and "ti...
Mit Kerberos 4
5
CVSSv2
CVE-2012-1016
The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) prior to 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows r...
Mit Kerberos 5
7.2
CVSSv2
CVE-2004-1189
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds er...
Mit Kerberos 5
7.5
CVSSv2
CVE-2014-8650
python-requests-Kerberos up to and including 0.5 does not handle mutual authentication
Requests-kerberos Project Requests-kerberos
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »