Skip to main content

Kerberos

8 CVEs product

Monthly

CVE-2020-13110 npm HIGH POC PATCH This Week

The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js RCE Privilege Escalation Kerberos
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2018-20217 MEDIUM PATCH This Month

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service Kerberos Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2018-5710 MEDIUM This Month

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Kerberos
NVD GitHub
CVSS 3.0
6.5
EPSS
1.8%
CVE-2018-5709 HIGH This Week

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Kerberos
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2017-11368 MEDIUM PATCH This Month

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Fedora Kerberos Kerberos 5
NVD GitHub
CVSS 3.0
6.5
EPSS
0.7%
CVE-2014-5354 LOW Monitor

plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Kerberos Kerberos 5
NVD GitHub
CVSS 2.0
3.5
EPSS
0.5%
CVE-2014-4342 MEDIUM PATCH This Month

MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Debian Linux Kerberos Kerberos 5 +4
NVD GitHub
CVSS 2.0
5.0
EPSS
8.1%
CVE-2013-6800 MEDIUM PATCH This Month

An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Kerberos Kerberos 5
NVD GitHub
CVSS 2.0
4.0
EPSS
0.8%
EPSS 1% CVSS 7.8
HIGH POC PATCH This Week

The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js RCE Privilege Escalation +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Denial Of Service Kerberos Debian Linux
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM This Month

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Kerberos
NVD GitHub
EPSS 2% CVSS 7.5
HIGH This Week

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Kerberos
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Fedora Kerberos +1
NVD GitHub
EPSS 1% CVSS 3.5
LOW Monitor

plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Kerberos Kerberos 5
NVD GitHub
EPSS 8% CVSS 5.0
MEDIUM PATCH This Month

MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Debian Linux +6
NVD GitHub
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

An unspecified third-party database module for the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x allows remote authenticated users to cause a denial of service (NULL pointer. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Kerberos Kerberos 5
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy