| Max CVSS | 9.0 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2014-5353 | 3.5 |
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via
|
02-02-2021 - 18:57 | 16-12-2014 - 23:59 | |
| CVE-2014-9422 | 6.1 |
The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obta
|
21-01-2020 - 15:46 | 19-02-2015 - 11:59 | |
| CVE-2014-9421 | 9.0 |
The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated us
|
21-01-2020 - 15:46 | 19-02-2015 - 11:59 | |
| CVE-2014-5355 | 5.0 |
MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a
|
21-01-2020 - 15:46 | 20-02-2015 - 11:59 | |
| CVE-2014-5352 | 9.0 |
The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-cont
|
21-01-2020 - 15:46 | 19-02-2015 - 11:59 |