Max CVSS | 5.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2013-1418 | 4.3 |
The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon
|
02-02-2021 - 19:04 | 18-11-2013 - 03:55 | |
CVE-2014-5353 | 3.5 |
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via
|
02-02-2021 - 18:57 | 16-12-2014 - 23:59 | |
CVE-2016-3119 | 3.5 |
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users
|
21-01-2020 - 15:47 | 26-03-2016 - 01:59 | |
CVE-2016-3120 | 4.0 |
The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows r
|
21-01-2020 - 15:47 | 01-08-2016 - 02:59 | |
CVE-2014-5355 | 5.0 |
MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a
|
21-01-2020 - 15:46 | 20-02-2015 - 11:59 | |
CVE-2014-5351 | 2.1 |
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by lever
|
21-01-2020 - 15:46 | 10-10-2014 - 01:55 |