Mit

Kerberos 5

137 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2014-4341

  • EPSS 12.61%
  • Published 20.07.2014 11:12:50
  • Last modified 12.04.2025 10:46:40

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

5

CVE-2014-4342

  • EPSS 7.31%
  • Published 20.07.2014 11:12:50
  • Last modified 12.04.2025 10:46:40

MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.

3.5

CVE-2013-1417

Exploit
  • EPSS 0.54%
  • Published 20.11.2013 14:12:44
  • Last modified 11.04.2025 00:51:21

do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that tr...

4.3

CVE-2013-1418

  • EPSS 5.86%
  • Published 18.11.2013 03:55:05
  • Last modified 11.04.2025 00:51:21

The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon ...

4

CVE-2013-6800

  • EPSS 0.56%
  • Published 18.11.2013 02:55:10
  • Last modified 11.04.2025 00:51:21

An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request, a d...

5

CVE-2002-2443

  • EPSS 21.41%
  • Published 29.05.2013 14:29:06
  • Last modified 11.04.2025 00:51:21

schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a for...

4

CVE-2013-1416

  • EPSS 2.64%
  • Published 19.04.2013 11:44:26
  • Last modified 11.04.2025 00:51:21

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of s...

5

CVE-2013-1415

  • EPSS 1.59%
  • Published 05.03.2013 05:05:57
  • Last modified 11.04.2025 00:51:21

The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors...

5

CVE-2012-1016

  • EPSS 0.64%
  • Published 05.03.2013 04:54:02
  • Last modified 11.04.2025 00:51:21

The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate c...

9

CVE-2012-1014

  • EPSS 1.84%
  • Published 06.08.2012 16:55:01
  • Last modified 11.04.2025 00:51:21

The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer deref...