) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0:*:*:*:*:*:*:*
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2014-4344 |
The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation. Published: August 14, 2014; 1:01:49 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
| CVE-2014-4343 |
Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator. Published: August 14, 2014; 1:01:49 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.6 HIGH |
| CVE-2014-4342 |
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session. Published: July 20, 2014; 7:12:50 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |