Mit Kerberos 5 1.12
Approved changes feed: RSS · Atom
cpe:2.3:a:mit:kerberos_5:1.12:*:*:*:*:*:*:*
part: a version: 1.12 update: *
| Vendor | Mit (82b7f5d9-694f-5ac9-86aa-26958677636b) |
|---|---|
| Product | Kerberos 5 (774ea4a1-4fda-5d25-92ac-c66a6356a1e3) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/krb5/krb5 |
purl2cpe | 2026-06-01 10:16:02.475409 |
pkg:rpm/fedora/krb5 |
purl2cpe | 2026-06-01 10:16:02.475411 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2017-11368 |
vulnerable | 2026-06-08 05:08:37.488604 |
Details available
In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.
Published: 2017-08-09T18:00:00.000Z
Updated: 2024-08-05T18:05:30.590Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2016-3119 |
vulnerable | 2026-06-08 05:07:44.531863 |
Details available
The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.
Published: 2016-03-26T01:00:00.000Z
Updated: 2024-08-05T23:47:57.271Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-8630 |
vulnerable | 2026-06-08 05:07:04.560106 |
Details available
The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.
Published: 2016-02-13T02:00:00.000Z
Updated: 2024-08-06T08:20:43.695Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2015-2694 |
vulnerable | 2026-06-08 05:06:35.573510 |
Details available
The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.
Published: 2015-05-25T19:00:00.000Z
Updated: 2024-08-06T05:24:38.376Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-9423 |
vulnerable | 2026-06-08 05:06:11.630273 |
Details available
The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.
Published: 2015-02-19T11:00:00.000Z
Updated: 2024-08-06T13:47:41.334Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-9422 |
vulnerable | 2026-06-08 05:06:11.629615 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-9421 |
vulnerable | 2026-06-08 05:06:11.627429 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-5355 |
vulnerable | 2026-06-08 05:05:47.736829 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-5354 |
vulnerable | 2026-06-08 05:05:47.719458 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-5352 |
vulnerable | 2026-06-08 05:05:47.708788 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-4345 |
vulnerable | 2026-06-08 05:05:44.645807 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-4344 |
vulnerable | 2026-06-08 05:05:44.640349 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-4343 |
vulnerable | 2026-06-08 05:05:44.639298 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2014-4342 |
vulnerable | 2026-06-08 05:05:44.635294 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.