Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:mit:kerberos_5:1.12.1:*:*:*:*:*:*:*
There are 25 matching records.
Displaying matches 21 through 25.
Vuln ID Summary CVSS Severity
CVE-2014-4344

The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.

Published: August 14, 2014; 1:01:49 AM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2014-4343

Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.

Published: August 14, 2014; 1:01:49 AM -0400
V3.x:(not available)
V2.0: 7.6 HIGH
CVE-2014-4342

MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.

Published: July 20, 2014; 7:12:50 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-4341

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.

Published: July 20, 2014; 7:12:50 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2001-1323

Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when the radix_encode function processes file glob output from the ftpglob function.

Published: May 16, 2001; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH