Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
kerberos vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-45142
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branch...
Heimdal Project Heimdal 7.8.0
Heimdal Project Heimdal 7.7.1
7.5
CVSSv3
CVE-2022-47508
Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.
Solarwinds Server And Application Monitor 2022.4
7.5
CVSSv3
CVE-2023-23749
The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. An attacker can manipulate this paramter to dump arbitrary contents ...
Miniorange Ldap Integration With Active Directory And Openldap 5.0.2
7.5
CVSSv3
CVE-2021-44758
Heimdal prior to 7.7.1 allows malicious users to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept.
Heimdal Project Heimdal
7.5
CVSSv3
CVE-2022-41916
Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions before 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applica...
Heimdal Project Heimdal
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv3
CVE-2022-41053
Windows Kerberos Denial of Service Vulnerability
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows 10 1607
Microsoft Windows 8.1 -
Microsoft Windows Server 2016 -
Microsoft Windows Server 2008 -
Microsoft Windows Server 2012 -
Microsoft Windows 10 -
Microsoft Windows Server 2019 -
Microsoft Windows 10 1809
Microsoft Windows 7 Sp1
Microsoft Windows 10 20h2
Microsoft Windows 10 21h1
Microsoft Windows Server 2022 -
Microsoft Windows 11 -
Microsoft Windows 10 21h2
Microsoft Windows 11 22h2
Microsoft Windows 10 22h2
7.5
CVSSv3
CVE-2022-39028
telnetd in GNU Inetutils up to and including 2.3, MIT krb5-appl up to and including 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available ...
Gnu Inetutils
Mit Kerberos 5
Debian Debian Linux 10.0
Netkit-telnet Project Netkit-telnet
7.5
CVSSv3
CVE-2022-26931
Windows Kerberos Elevation of Privilege Vulnerability
Microsoft Windows 10 -
Microsoft Windows 10 1607
Microsoft Windows Server 2008 R2
Microsoft Windows 7 -
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows Rt 8.1 -
Microsoft Windows Server 2012 -
Microsoft Windows 8.1 -
Microsoft Windows Server 2019 -
Microsoft Windows 10 1809
Microsoft Windows 10 1909
Microsoft Windows 10 20h2
Microsoft Windows Server 2008 Sp2
Microsoft Windows 10 21h1
Microsoft Windows 11 -
Microsoft Windows Server 2022
Microsoft Windows 10 21h2
7.5
CVSSv3
CVE-2021-23192
A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.
Samba Samba
7.5
CVSSv3
CVE-2021-36222
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) prior to 1.18.4 and 1.19.x prior to 1.19.2 allows remote malicious users to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly ma...
Mit Kerberos 5
Debian Debian Linux 10.0
Netapp Active Iq Unified Manager -
Netapp Oncommand Insight -
Netapp Oncommand Workflow Automation -
Netapp Snapcenter -
Oracle Mysql Server
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »