Max CVSS | 9.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2014-9423 | 5.0 |
The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attacker
|
21-01-2020 - 15:46 | 19-02-2015 - 11:59 | |
CVE-2014-9422 | 6.1 |
The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obta
|
21-01-2020 - 15:46 | 19-02-2015 - 11:59 | |
CVE-2014-9421 | 9.0 |
The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated us
|
21-01-2020 - 15:46 | 19-02-2015 - 11:59 | |
CVE-2014-5351 | 2.1 |
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by lever
|
21-01-2020 - 15:46 | 10-10-2014 - 01:55 | |
CVE-2014-5352 | 9.0 |
The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-cont
|
21-01-2020 - 15:46 | 19-02-2015 - 11:59 |