CRITICAL9.8CVE-2017-15088plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which… from 0, < 1.15.2-2
CRITICAL9.8CVE-2017-11462Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion… from 0, < 1.15.2-1
CRITICAL9.8krb5 - multiple vulnerabilities
from 0, < 1.6.dfsg.3~beta1-4
CRITICAL9.8krb5 - multiple vulnerabilities
from 0, < 1.3.6-2sarge6
CRITICAL9.8Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbit…
from 0, < 1.3.6-4
CRITICAL9.8Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to exe…
from 0, < 1.3.4-3
CRITICAL9.8acm - integer overflow
from 0, < 1.2.4-5woody1
CRITICAL9.8acm - integer overflow
from 0, < 1.2.5-2
CRITICAL9.1In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message…
from 0, < 1.18.3-6+deb11u5
HIGH8.8krb5 - security update
from 0, < 1.18.3-6+deb11u3
HIGH8.8krb5 - security update
from 0, < 1.18.3-6+deb11u3
HIGH8.8krb5 - security update
from 0, < 1.17-3+deb10u5
HIGH7.5krb5 - security update
from 0, < 1.18.3-6+deb11u5
HIGH7.5krb5 - security update
from 0, < 1.18.3-6+deb11u5
HIGH7.5Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.
from 0
HIGH7.5krb5 - security update
from 0, < 1.17-3+deb10u2
HIGH7.5krb5 - security update
from 0, < 1.18.3-6
HIGH7.5krb5 - security update
from 0, < 1.15-1+deb9u2
HIGH7.5krb5 - security update
from 0, < 1.17-3+deb10u1
HIGH7.5krb5 - security update
from 0, < 1.18.3-1
HIGH7.5An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16.
from 0
HIGH7.5The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (ak…
from 0, < 1.13.2+dfsg-5
HIGH7.5The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error m…
from 0, < 1.6.dfsg.3~beta1-4
HIGH7.1krb5 - security update
from 0, < 1.18.3-6+deb11u6
HIGH7.1krb5 - security update
from 0, < 1.18.3-6+deb11u6
MEDIUM6.5krb5 - security update
from 0, < 1.17-3+deb10u6
MEDIUM6.5krb5 - security update
from 0, < 1.18.3-6+deb11u4
MEDIUM6.5The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc…
from 0, < 1.18.3-6+deb11u1
MEDIUM6.5An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16.
from 0, < 1.16.1-1
MEDIUM6.5krb5 - security update
from 0, < 1.10.1+dfsg-5+deb7u8
MEDIUM6.5krb5 - security update
from 0, < 1.15.1-2
MEDIUM6.5The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x be…
from 0, < 1.14.3+dfsg-1
MEDIUM6.5Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow…
from 0, < 1.13.2+dfsg-5
MEDIUM6.5krb5 - denial of service
from 0, < 1.7+dfsg-1
MEDIUM6.5krb5 - denial of service
from 0, < 1.6.dfsg.4~beta1-5lenny3
MEDIUM6.3MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to…
from 0, < 1.8.3+dfsg-3
MEDIUM5.9In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_acce…
from 0
MEDIUM5.9In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a syste…
from 0
MEDIUM5.9krb5 - security update
from 0, < 1.18.3-6+deb11u7
MEDIUM5.9krb5 - security update
from 0, < 1.18.3-6+deb11u7
MEDIUM5.5Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.
from 0, < 1.20.1-2+deb12u3
MEDIUM5.3Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.
from 0
MEDIUM5.3krb5 - security update
from 0, < 1.15-1+deb9u3
MEDIUM5.3krb5 - security update
from 0, < 1.12.1+dfsg-19+deb8u5
MEDIUM5.3krb5 - security update
from 0, < 1.16.2-1
MEDIUM5.3The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb…
from 0, < 1.14.2+dfsg-1
MEDIUM5.3krb5 - security update
from 0, < 1.13.2+dfsg-5
MEDIUM5.3krb5 - security update
from 0, < 1.8.3+dfsg-4squeeze11
MEDIUM5.3krb5 - security update
from 0, < 1.10.1+dfsg-5+deb7u7
MEDIUM5.0An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c.
from 0
MEDIUM4.7MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of se…
from 0, < 1.16.1-1
LOW3.8MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN cont…
from 0, < 1.16.1-1
LOW3.7MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remot…
from 0, < 1.8.3+dfsg-3
LOW3.7krb5 - checksum verification weakness
from 0, < 1.6.dfsg.4~beta1-5lenny6
LOW3.7krb5 - checksum verification weakness
from 0, < 1.8.3+dfsg-3
—The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly…
from 0, < 1.13.2+dfsg-4
—krb5 - security update
from 0, < 1.13.2+dfsg-3
—krb5 - security update
from 0, < 1.10.1+dfsg-5+deb7u6
—lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers…
from 0, < 1.13.2+dfsg-3
—krb5 - security update
from 0, < 1.8.3+dfsg-4squeeze10
—krb5 - security update
from 0, < 1.13.2+dfsg-3
—krb5 - security update
from 0, < 1.10.1+dfsg-5+deb7u4
—The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has be…
from 0, < 1.12.1+dfsg-20
—MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '…
from 0, < 1.12.1+dfsg-18
—The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.…
from 0, < 1.12.1+dfsg-17
—The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.…
from 0, < 1.12.1+dfsg-17
—The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and…
from 0, < 1.12.1+dfsg-17
—krb5 - security update
from 0, < 1.8.3+dfsg-4squeeze9
—krb5 - security update
from 0, < 1.10.1+dfsg-5+deb7u3
—krb5 - security update
from 0, < 1.12.1+dfsg-17
—plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows…
from 0, < 1.12.1+dfsg-16
—The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.…
from 0, < 1.12.1+dfsg-16
—The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys…
from 0, < 1.12.1+dfsg-10
—Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmi…
from 0, < 1.12.1+dfsg-7
—The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x befor…
from 0, < 1.12.1+dfsg-5
—Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (a…
from 0, < 1.12.1+dfsg-5
—MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL…
from 0, < 1.12.1+dfsg-4
—krb5 - security update
from 0, < 1.12.1+dfsg-4
—krb5 - security update
from 0, < 1.8.3+dfsg-4squeeze8
—krb5 - security update
from 0, < 1.10.1+dfsg-5+deb7u2
—do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is us…
from 0, < 1.11.3+dfsg-3+nmu1
—krb5 - security update
from 0, < 1.10.1+dfsg-5+deb7u9
—krb5 - security update
from 0, < 1.11.3+dfsg-3+nmu1
—krb5 - denial of service
from 0, < 1.10.1+dfsg-6
—krb5 - denial of service
from 0, < 1.8.3+dfsg-4squeeze7
—The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not pr…
from 0, < 1.10.1+dfsg-5
—The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution C…
from 0, < 1.10.1+dfsg-4
—The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center…
from 0, < 1.10.1+dfsg-4+nmu1
—The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5,…
from 0, < 1.10.1+dfsg-2
—krb5 - denial of service
from 0, < 1.10.1+dfsg-2
—krb5 - denial of service
from 0, < 1.8.3+dfsg-4squeeze6
—The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.…
from 0, < 1.10.1+dfsg-3
—server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict acce…
from 0, < 1.10.1+dfsg-1
—krb5 - buffer overflow
from 0, < 1.8+dfsg~aa+r23527-1
—krb5 - buffer overflow
from 0, < 1.6.dfsg.4~beta1-5lenny7
—The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows rem…
from 0, < 1.10+dfsg~alpha1-7
—The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka…
from 0, < 1.10+dfsg~alpha1-1
—The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.…
from 0, < 1.10+dfsg~alpha1-1
—krb5 - several
from 0, < 1.10+dfsg~alpha1-1
—krb5 - several
from 0, < 1.8.3+dfsg-4squeeze5