HIGH8.5
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0HIGH 8.5
CVSS:2.0/AV:N/AC:M/Au:S/C:C/I:C/A:C
Severity:
Closed issues (17)
HIGH8.5
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0HIGH 8.5
CVSS:2.0/AV:N/AC:M/Au:S/C:C/I:C/A:CReferences
HIGH8.5
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0HIGH 8.5
CVSS:2.0/AV:N/AC:M/Au:S/C:C/I:C/A:CReferences
HIGH8.5
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0HIGH 8.5
CVSS:2.0/AV:N/AC:M/Au:S/C:C/I:C/A:CReferences
HIGH8.5
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0HIGH 8.5
CVSS:2.0/AV:N/AC:M/Au:S/C:C/I:C/A:CReferences
HIGH8.5
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0HIGH 8.5
CVSS:2.0/AV:N/AC:M/Au:S/C:C/I:C/A:CReferences
HIGH8.5
Уязвимость операционной системы SUSE Linux Enterprise, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0HIGH 8.5
CVSS:2.0/AV:N/AC:M/Au:S/C:C/I:C/A:CReferences
HIGH8.5
Уязвимость операционной системы Red Hat Enterprise Linux, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0HIGH 8.5
CVSS:2.0/AV:N/AC:M/Au:S/C:C/I:C/A:CReferences
HIGH8.5
Уязвимость операционной системы CentOS, позволяющая удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0HIGH 8.5
CVSS:2.0/AV:N/AC:M/Au:S/C:C/I:C/A:CReferences
HIGH8.5
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
CVSS 2.0HIGH 8.5
CVSS:2.0/AV:N/AC:M/Au:S/C:C/I:C/A:CMEDIUM5.0
MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PReferences
- http://advisories.mageia.org/MGASA-2014-0345.html
- http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html
- http://rhn.redhat.com/errata/RHSA-2015-0439.html
- http://secunia.com/advisories/59102
- http://secunia.com/advisories/60082
- http://secunia.com/advisories/60448
- http://security.gentoo.org/glsa/glsa-201412-53.xml
- http://www.debian.org/security/2014/dsa-3000
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
- http://www.securityfocus.com/bid/68909
- http://www.securitytracker.com/id/1030706
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94904
- https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73
- http://advisories.mageia.org/MGASA-2014-0345.html
- http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html
- http://rhn.redhat.com/errata/RHSA-2015-0439.html
- http://secunia.com/advisories/59102
- http://secunia.com/advisories/60082
- http://secunia.com/advisories/60448
- http://security.gentoo.org/glsa/glsa-201412-53.xml
- http://www.debian.org/security/2014/dsa-3000
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
- http://www.securityfocus.com/bid/68909
- http://www.securitytracker.com/id/1030706
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94904
- https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73
MEDIUM5.0
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:PReferences
- http://advisories.mageia.org/MGASA-2014-0345.html
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949
- http://rhn.redhat.com/errata/RHSA-2015-0439.html
- http://secunia.com/advisories/59102
- http://secunia.com/advisories/60082
- http://www.debian.org/security/2014/dsa-3000
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securityfocus.com/bid/68908
- http://www.securitytracker.com/id/1030706
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94903
- https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73
- http://advisories.mageia.org/MGASA-2014-0345.html
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=7949
- http://rhn.redhat.com/errata/RHSA-2015-0439.html
- http://secunia.com/advisories/59102
- http://secunia.com/advisories/60082
- http://www.debian.org/security/2014/dsa-3000
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.securityfocus.com/bid/68908
- http://www.securitytracker.com/id/1030706
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94903
- https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73
HIGH7.6
Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.
CVSS 2.0HIGH 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:CReferences
- http://advisories.mageia.org/MGASA-2014-0345.html
- http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=7969
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html
- http://rhn.redhat.com/errata/RHSA-2015-0439.html
- http://secunia.com/advisories/59102
- http://secunia.com/advisories/60082
- http://secunia.com/advisories/60448
- http://secunia.com/advisories/61052
- http://security.gentoo.org/glsa/glsa-201412-53.xml
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15553.html
- http://www.debian.org/security/2014/dsa-3000
- http://www.osvdb.org/109390
- http://www.securityfocus.com/bid/69159
- http://www.securitytracker.com/id/1030706
- https://bugzilla.redhat.com/show_bug.cgi?id=1121876
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95211
- https://github.com/krb5/krb5/commit/f18ddf5d82de0ab7591a36e465bc24225776940f
- http://advisories.mageia.org/MGASA-2014-0345.html
- http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=7969
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html
- http://rhn.redhat.com/errata/RHSA-2015-0439.html
- http://secunia.com/advisories/59102
- http://secunia.com/advisories/60082
- http://secunia.com/advisories/60448
- http://secunia.com/advisories/61052
- http://security.gentoo.org/glsa/glsa-201412-53.xml
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15553.html
- http://www.debian.org/security/2014/dsa-3000
- http://www.osvdb.org/109390
- http://www.securityfocus.com/bid/69159
- http://www.securitytracker.com/id/1030706
- https://bugzilla.redhat.com/show_bug.cgi?id=1121876
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95211
- https://github.com/krb5/krb5/commit/f18ddf5d82de0ab7591a36e465bc24225776940f
HIGH7.8
The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:CReferences
- http://advisories.mageia.org/MGASA-2014-0345.html
- http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=7970
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html
- http://rhn.redhat.com/errata/RHSA-2015-0439.html
- http://secunia.com/advisories/59102
- http://secunia.com/advisories/60082
- http://secunia.com/advisories/60448
- http://secunia.com/advisories/61051
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15561.html
- http://www.debian.org/security/2014/dsa-3000
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
- http://www.osvdb.org/109389
- http://www.securityfocus.com/bid/69160
- http://www.securitytracker.com/id/1030706
- https://bugzilla.redhat.com/show_bug.cgi?id=1121877
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95210
- https://github.com/krb5/krb5/commit/524688ce87a15fc75f87efc8c039ba4c7d5c197b
- https://github.com/krb5/krb5/commit/a7886f0ed1277c69142b14a2c6629175a6331edc
- http://advisories.mageia.org/MGASA-2014-0345.html
- http://aix.software.ibm.com/aix/efixes/security/nas_advisory1.asc
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=7970
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136360.html
- http://rhn.redhat.com/errata/RHSA-2015-0439.html
- http://secunia.com/advisories/59102
- http://secunia.com/advisories/60082
- http://secunia.com/advisories/60448
- http://secunia.com/advisories/61051
- http://support.f5.com/kb/en-us/solutions/public/15000/500/sol15561.html
- http://www.debian.org/security/2014/dsa-3000
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
- http://www.osvdb.org/109389
- http://www.securityfocus.com/bid/69160
- http://www.securitytracker.com/id/1030706
- https://bugzilla.redhat.com/show_bug.cgi?id=1121877
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95210
- https://github.com/krb5/krb5/commit/524688ce87a15fc75f87efc8c039ba4c7d5c197b
- https://github.com/krb5/krb5/commit/a7886f0ed1277c69142b14a2c6629175a6331edc
HIGH8.5
Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands.
CVSS 2.0HIGH 8.5
CVSS:2.0/AV:N/AC:M/Au:S/C:C/I:C/A:CReferences
- http://advisories.mageia.org/MGASA-2014-0345.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=7980
- http://linux.oracle.com/errata/ELSA-2014-1255.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.html
- http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00030.html
- http://rhn.redhat.com/errata/RHSA-2014-1255.html
- http://rhn.redhat.com/errata/RHSA-2015-0439.html
- http://secunia.com/advisories/59102
- http://secunia.com/advisories/59415
- http://secunia.com/advisories/59993
- http://secunia.com/advisories/60535
- http://secunia.com/advisories/60776
- http://secunia.com/advisories/61314
- http://secunia.com/advisories/61353
- http://security.gentoo.org/glsa/glsa-201412-53.xml
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt
- http://www.debian.org/security/2014/dsa-3000
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.osvdb.org/109908
- http://www.securityfocus.com/bid/69168
- http://www.securitytracker.com/id/1030705
- https://blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errors
- https://bugzilla.redhat.com/show_bug.cgi?id=1128157
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95212
- https://github.com/krb5/krb5/commit/dc7ed55c689d57de7f7408b34631bf06fec9dab1
- https://github.com/krb5/krb5/pull/181
- http://advisories.mageia.org/MGASA-2014-0345.html
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=7980
- http://linux.oracle.com/errata/ELSA-2014-1255.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/136640.html
- http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137056.html
- http://lists.opensuse.org/opensuse-security-announce/2014-08/msg00009.html
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00030.html
- http://rhn.redhat.com/errata/RHSA-2014-1255.html
- http://rhn.redhat.com/errata/RHSA-2015-0439.html
- http://secunia.com/advisories/59102
- http://secunia.com/advisories/59415
- http://secunia.com/advisories/59993
- http://secunia.com/advisories/60535
- http://secunia.com/advisories/60776
- http://secunia.com/advisories/61314
- http://secunia.com/advisories/61353
- http://security.gentoo.org/glsa/glsa-201412-53.xml
- http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2014-001.txt
- http://www.debian.org/security/2014/dsa-3000
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:165
- http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
- http://www.osvdb.org/109908
- http://www.securityfocus.com/bid/69168
- http://www.securitytracker.com/id/1030705
- https://blogs.oracle.com/sunsecurity/entry/cve_2014_4345_numeric_errors
- https://bugzilla.redhat.com/show_bug.cgi?id=1128157
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95212
- https://github.com/krb5/krb5/commit/dc7ed55c689d57de7f7408b34631bf06fec9dab1
- https://github.com/krb5/krb5/pull/181
LOW2.1
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.
CVSS 2.0LOW 2.1
CVSS:2.0/AV:N/AC:H/Au:S/C:P/I:N/A:NReferences
- http://advisories.mageia.org/MGASA-2014-0477.html
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
- http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html
- http://security.gentoo.org/glsa/glsa-201412-53.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:224
- http://www.securityfocus.com/bid/70380
- http://www.securitytracker.com/id/1031003
- http://www.ubuntu.com/usn/USN-2498-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1145425
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97028
- https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca
- https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
- http://advisories.mageia.org/MGASA-2014-0477.html
- http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
- http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140132.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151103.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00016.html
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00044.html
- http://security.gentoo.org/glsa/glsa-201412-53.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:224
- http://www.securityfocus.com/bid/70380
- http://www.securitytracker.com/id/1031003
- http://www.ubuntu.com/usn/USN-2498-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1145425
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97028
- https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca
- https://lists.debian.org/debian-lts-announce/2018/01/msg00040.html
LOW3.5
plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin "add_principal -nokey" or "purgekeys -all" command.
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:N/A:PReferences
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html
- http://www.securityfocus.com/bid/71680
- http://www.securitytracker.com/id/1031376
- http://www.ubuntu.com/usn/USN-2498-1
- https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00061.html
- http://www.securityfocus.com/bid/71680
- http://www.securitytracker.com/id/1031376
- http://www.ubuntu.com/usn/USN-2498-1
- https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16