Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gss it vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2010-4021
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery i...
Mit Kerberos 5 1.7
6.3
CVSSv3
CVE-2010-4020
MIT Kerberos 5 (aka krb5) 1.8.x up to and including 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that r...
Mit Kerberos 5 1.8
Mit Kerberos 5 1.8.3
Mit Kerberos 5 1.8.1
Mit Kerberos 5 1.8.2
NA
CVE-2015-2696
lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) prior to 1.14 relies on an inappropriate context handle, which allows remote malicious users to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_i...
Mit Kerberos 5
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Suse Linux Enterprise Desktop 12
Suse Linux Enterprise Server 12
Suse Linux Enterprise Software Development Kit 12
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 15.10
NA
CVE-2015-2695
lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) prior to 1.14 relies on an inappropriate context handle, which allows remote malicious users to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during ...
Mit Kerberos 5
Oracle Solaris 11.3
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 15.10
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Suse Linux Enterprise Desktop 11
Suse Linux Enterprise Desktop 12
Suse Linux Enterprise Server 11
Suse Linux Enterprise Server 12
Suse Linux Enterprise Software Development Kit 11
Suse Linux Enterprise Software Development Kit 12
NA
CVE-2007-5902
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote malicious users to have an unknown impact via a large length value for a GSS client name in an RPC request.
Mit Kerberos 5 -
NA
CVE-2015-2697
The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) prior to 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS requ...
Mit Kerberos 5
Oracle Solaris 11.3
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 15.04
Canonical Ubuntu Linux 15.10
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Opensuse Leap 42.1
Opensuse Opensuse 13.1
Opensuse Opensuse 13.2
Suse Linux Enterprise Desktop 12
Suse Linux Enterprise Server 12
Suse Linux Enterprise Software Development Kit 12
NA
CVE-2009-3555
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and previous versions, OpenSSL prior to 0.9.8l, GnuTLS 2.8.5 and previous versions, Mozilla Network Security Ser...
Openssl Openssl 1.0
Apache Http Server
Openssl Openssl
Gnu Gnutls
Mozilla Nss
Debian Debian Linux 5.0
Canonical Ubuntu Linux 10.10
Fedoraproject Fedora 11
Fedoraproject Fedora 13
Debian Debian Linux 4.0
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Canonical Ubuntu Linux 9.04
Debian Debian Linux 6.0
Fedoraproject Fedora 12
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 9.10
Fedoraproject Fedora 14
F5 Nginx
2 EDB exploits
10 Github repositories
NA
CVE-2003-0851
OpenSSL 0.9.6k allows remote malicious users to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences.
Cisco Ios 12.1\\(11\\)e
Cisco Ios 12.2sy
Cisco Ios 12.1\\(11b\\)e
Cisco Ios 12.2sx
Cisco Css11000 Content Services Switch
Cisco Pix Firewall 6.2.2 .111
Openssl Openssl 0.9.6f
Openssl Openssl 0.9.6g
Cisco Pix Firewall Software 6.0
Cisco Pix Firewall Software 6.0\\(1\\)
Cisco Pix Firewall Software 6.1\\(2\\)
Cisco Pix Firewall Software 6.1\\(3\\)
Cisco Pix Firewall Software 6.3\\(1\\)
Cisco Pix Firewall Software 6.3\\(3.102\\)
Openssl Openssl 0.9.6
Openssl Openssl 0.9.6a
Openssl Openssl 0.9.6h
Openssl Openssl 0.9.6i
Cisco Pix Firewall Software 6.0\\(2\\)
Cisco Pix Firewall Software 6.0\\(3\\)
Cisco Pix Firewall Software 6.1\\(4\\)
Cisco Pix Firewall Software 6.1\\(5\\)
8.8
CVSSv3
CVE-2023-27533
A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an malicious user to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an ma...
Haxx Curl
Fedoraproject Fedora 36
Netapp Active Iq Unified Manager -
Netapp Clustered Data Ontap 9.0
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
5.9
CVSSv3
CVE-2023-27535
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current set...
Haxx Libcurl
Fedoraproject Fedora 36
Debian Debian Linux 10.0
Netapp Active Iq Unified Manager -
Netapp Ontap 9 -
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Splunk Universal Forwarder 9.1.0
Splunk Universal Forwarder
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »