Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/6246?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/6246?format=api", "purl": "pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7", "type": "deb", "namespace": "debian", "name": "krb5", "version": "1.6.dfsg.4~beta1-5lenny7", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.20.1-2+deb12u4", "latest_non_vulnerable_version": "1.20.1-2+deb12u4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74980?format=api", "vulnerability_id": "VCID-11jm-yxbs-1kfj", "summary": "The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1527.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1527.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1527", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02618", "scoring_system": "epss", "scoring_elements": "0.85938", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02618", "scoring_system": "epss", "scoring_elements": "0.8596", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02618", "scoring_system": "epss", "scoring_elements": "0.85964", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1527" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1527" }, { 
"reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367", "reference_id": "646367", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=737711", "reference_id": "737711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737711" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1379", "reference_id": "RHSA-2011:1379", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1379" }, { "reference_url": "https://usn.ubuntu.com/1233-1/", "reference_id": "USN-1233-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1233-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" 
}, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2011-1527" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11jm-yxbs-1kfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75006?format=api", "vulnerability_id": "VCID-1nn6-mr7d-wyhk", "summary": "The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial \"kadmind\" substring, as demonstrated by a \"ka/x\" 
principal.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9422.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9422.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9422", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00794", "scoring_system": "epss", "scoring_elements": "0.74304", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00794", "scoring_system": "epss", "scoring_elements": "0.74337", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00794", "scoring_system": "epss", "scoring_elements": "0.74342", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, 
{ "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179861", "reference_id": "1179861", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0439", "reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0794", "reference_id": "RHSA-2015:0794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0794" }, { "reference_url": "https://usn.ubuntu.com/2498-1/", "reference_id": "USN-2498-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2498-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { 
"vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": 
"VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-9422" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1nn6-mr7d-wyhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74962?format=api", "vulnerability_id": "VCID-1sps-s2a3-wbad", "summary": "The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a ticket request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3295.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3295.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3295", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02737", "scoring_system": "epss", "scoring_elements": "0.86248", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02737", "scoring_system": "epss", "scoring_elements": "0.8627", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02737", "scoring_system": "epss", "scoring_elements": "0.86272", 
"published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3295" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3295", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3295" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=545002", "reference_id": "545002", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=545002" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://usn.ubuntu.com/879-1/", "reference_id": "USN-879-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/879-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6247?format=api", "purl": "pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { 
"vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7" } ], "aliases": [ "CVE-2009-3295" ], "risk_score": null, "exploitability": "0.5", 
"weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1sps-s2a3-wbad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74959?format=api", "vulnerability_id": "VCID-1u82-w13p-cfbk", "summary": "The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3, when SPNEGO is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via invalid ContextFlags data in the reqFlags field in a negTokenInit token.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0845.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0845.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0845", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.19309", "scoring_system": "epss", "scoring_elements": "0.95488", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.19309", "scoring_system": "epss", "scoring_elements": "0.95496", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.19309", "scoring_system": "epss", "scoring_elements": "0.95499", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0845" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=490634", "reference_id": "490634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=490634" }, { "reference_url": "https://security.gentoo.org/glsa/200904-09", "reference_id": "GLSA-200904-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200904-09" }, { 
"reference_url": "https://access.redhat.com/errata/RHSA-2009:0408", "reference_id": "RHSA-2009:0408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0408" }, { "reference_url": "https://usn.ubuntu.com/755-1/", "reference_id": "USN-755-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/755-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6247?format=api", "purl": "pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": 
"VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7" } ], "aliases": [ "CVE-2009-0845" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1u82-w13p-cfbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74997?format=api", "vulnerability_id": "VCID-2674-wgen-1qbk", "summary": "Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory 
corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4343.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4343.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4343", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07384", "scoring_system": "epss", "scoring_elements": "0.91864", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07384", "scoring_system": "epss", "scoring_elements": "0.91876", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.07384", "scoring_system": "epss", "scoring_elements": "0.91877", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345", "reference_id": "", "reference_type": "", "scores": [], 
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121876", "reference_id": "1121876", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121876" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755520", "reference_id": "755520", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755520" }, { "reference_url": "https://security.gentoo.org/glsa/201412-53", "reference_id": "GLSA-201412-53", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1389", "reference_id": "RHSA-2014:1389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0439", "reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": "https://usn.ubuntu.com/2310-1/", "reference_id": "USN-2310-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2310-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": 
"VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { 
"vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-4343" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2674-wgen-1qbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75015?format=api", "vulnerability_id": "VCID-2tn3-dfqx-5yc9", "summary": "Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8631.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8631.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2015-8631", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02635", "scoring_system": "epss", "scoring_elements": "0.85985", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02635", "scoring_system": "epss", "scoring_elements": "0.86006", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02635", "scoring_system": "epss", "scoring_elements": "0.86009", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302642", "reference_id": "1302642", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302642" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813126", "reference_id": "813126", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0493", "reference_id": "RHSA-2016:0493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0532", "reference_id": 
"RHSA-2016:0532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0532" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { 
"vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6251?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4" }, { 
"url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2015-8631" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2tn3-dfqx-5yc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61752?format=api", "vulnerability_id": "VCID-3d22-kr2u-tuck", "summary": "krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40355.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40355.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40355", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28666", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28707", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135317", "reference_id": "1135317", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135317" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463370", "reference_id": "2463370", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463370" }, { "reference_url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", "reference_id": "2e75f0d9362fb979f5fc92829431a590a130929f", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T12:53:15Z/" } ], "url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f" }, { "reference_url": "https://web.mit.edu/kerberos/advisories/", "reference_id": "advisories", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T12:53:15Z/" } ], "url": "https://web.mit.edu/kerberos/advisories/" }, { "reference_url": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", "reference_id": "krb5-two-unauthenticated-network-vulnerabilities.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T12:53:15Z/" } ], "url": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12220", "reference_id": "RHSA-2026:12220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16799", "reference_id": "RHSA-2026:16799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19145", "reference_id": "RHSA-2026:19145", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19145" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19357", "reference_id": "RHSA-2026:19357", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19357" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21275", "reference_id": "RHSA-2026:21275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22634", "reference_id": "RHSA-2026:22634", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2026:22634" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/773967?format=api", "purl": "pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4" } ], "aliases": [ "CVE-2026-40355" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3d22-kr2u-tuck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75003?format=api", "vulnerability_id": "VCID-3df1-58jr-e7gv", "summary": "plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin \"add_principal -nokey\" or \"purgekeys -all\" command.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5354.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5354.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5354", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.67978", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.68017", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.68025", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5354", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5354" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174546", "reference_id": "1174546", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174546" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773228", "reference_id": "773228", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773228" }, { "reference_url": "https://usn.ubuntu.com/2498-1/", "reference_id": "USN-2498-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2498-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { 
"vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-5354" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3df1-58jr-e7gv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74983?format=api", "vulnerability_id": "VCID-3jcm-y59r-47a5", "summary": "The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1530.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1530.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00934", "scoring_system": "epss", "scoring_elements": "0.76529", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00934", "scoring_system": "epss", "scoring_elements": "0.76559", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00934", "scoring_system": "epss", "scoring_elements": "0.76564", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1530" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1530", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1530" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=753748", "reference_id": "753748", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=753748" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1790", "reference_id": "RHSA-2011:1790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1790" }, { "reference_url": "https://usn.ubuntu.com/1290-1/", "reference_id": "USN-1290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1290-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { 
"vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2011-1530" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3jcm-y59r-47a5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75022?format=api", "vulnerability_id": "VCID-3tas-mucv-aufk", "summary": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. 
The pre-defined function \"strlen\" is getting a \"NULL\" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5710.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5710.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5710", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60026", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60073", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60076", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5710" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535575", "reference_id": "1535575", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535575" }, { 
"reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889685", "reference_id": "889685", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889685" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6253?format=api", "purl": "pkg:deb/debian/krb5@1.17-3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4" } ], "aliases": [ "CVE-2018-5710" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3tas-mucv-aufk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75002?format=api", "vulnerability_id": "VCID-42rr-7ajf-eqg7", "summary": "The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5353.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5353.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2014-5353", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68272", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68313", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68321", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5353" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174543", "reference_id": "1174543", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174543" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226", "reference_id": "773226", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0439", "reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0794", "reference_id": "RHSA-2015:0794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0794" }, { "reference_url": "https://usn.ubuntu.com/2498-1/", "reference_id": "USN-2498-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2498-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": 
"VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-5353" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-42rr-7ajf-eqg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75020?format=api", "vulnerability_id": "VCID-4mm3-t6eu-4qde", "summary": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. 
If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02665", "scoring_system": "epss", "scoring_elements": "0.86077", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02665", "scoring_system": "epss", "scoring_elements": "0.86098", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02665", "scoring_system": "epss", "scoring_elements": "0.86102", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20217" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665296", "reference_id": "1665296", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665296" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917387", "reference_id": "917387", "reference_type": "", "scores": 
[], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917387" }, { "reference_url": "https://usn.ubuntu.com/5828-1/", "reference_id": "USN-5828-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5828-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6253?format=api", "purl": "pkg:deb/debian/krb5@1.17-3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4" } ], "aliases": [ "CVE-2018-20217" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mm3-t6eu-4qde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72438?format=api", "vulnerability_id": "VCID-53pj-pwxv-qqhv", "summary": "Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4862.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4862.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2011-4862", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.92585", "scoring_system": "epss", "scoring_elements": "0.99755", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.92585", "scoring_system": "epss", "scoring_elements": "0.99756", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4862" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=770325", "reference_id": "770325", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=770325" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/remote/18369.rb", "reference_id": "CVE-2011-4862;OSVDB-78020", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/remote/18369.rb" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/18280.c", "reference_id": "CVE-2011-4862;OSVDB-78020", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/18280.c" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/18368.rb", "reference_id": "CVE-2011-4862;OSVDB-78020", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/18368.rb" }, { "reference_url": "https://security.gentoo.org/glsa/201201-14", "reference_id": "GLSA-201201-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-14" }, { "reference_url": "https://security.gentoo.org/glsa/201202-05", "reference_id": 
"GLSA-201202-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201202-05" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1851", "reference_id": "RHSA-2011:1851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1851" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1852", "reference_id": "RHSA-2011:1852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1853", "reference_id": "RHSA-2011:1853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1853" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1854", "reference_id": "RHSA-2011:1854", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1854" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6247?format=api", "purl": "pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { 
"vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7" } ], "aliases": [ "CVE-2011-4862" ], 
"risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53pj-pwxv-qqhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75005?format=api", "vulnerability_id": "VCID-596a-s3un-vbbc", "summary": "The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9421.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9421.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9421", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05356", "scoring_system": "epss", "scoring_elements": "0.90245", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05356", "scoring_system": "epss", "scoring_elements": "0.90261", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05356", "scoring_system": "epss", "scoring_elements": "0.90259", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9421" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179857", "reference_id": "1179857", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0439", "reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0794", "reference_id": "RHSA-2015:0794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0794" }, { "reference_url": "https://usn.ubuntu.com/2498-1/", "reference_id": "USN-2498-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2498-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": 
"VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { 
"vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-9421" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-596a-s3un-vbbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74970?format=api", "vulnerability_id": "VCID-5jja-ssqm-skhu", "summary": "MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to modify user-visible prompt text, modify a response to a Key Distribution Center (KDC), or forge a 
KRB-SAFE message via certain checksums that (1) are unkeyed or (2) use RC4 keys.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1323.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1323.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1323", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04735", "scoring_system": "epss", "scoring_elements": "0.89594", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04735", "scoring_system": "epss", "scoring_elements": "0.89612", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04735", "scoring_system": "epss", "scoring_elements": "0.89611", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1323" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1323", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1323" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605553", "reference_id": "605553", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605553" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=648734", "reference_id": "648734", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648734" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0925", "reference_id": "RHSA-2010:0925", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0925" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0926", "reference_id": 
"RHSA-2010:0926", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0926" }, { "reference_url": "https://usn.ubuntu.com/1030-1/", "reference_id": "USN-1030-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1030-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6247?format=api", "purl": "pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": 
"VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7" } ], "aliases": [ "CVE-2010-1323" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5jja-ssqm-skhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74957?format=api", "vulnerability_id": "VCID-5thq-ff3f-h7f6", "summary": "The get_input_token function in the SPNEGO implementation in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote attackers to cause a denial of service (daemon crash) and possibly obtain sensitive information via a crafted length value that triggers a buffer over-read.", "references": [ { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0844.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0844.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0844", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03433", "scoring_system": "epss", "scoring_elements": "0.8769", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03433", "scoring_system": "epss", "scoring_elements": "0.87711", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03433", "scoring_system": "epss", "scoring_elements": "0.87713", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0844" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=491033", "reference_id": "491033", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491033" }, { "reference_url": "https://security.gentoo.org/glsa/200904-09", "reference_id": "GLSA-200904-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200904-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0408", "reference_id": "RHSA-2009:0408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0408" }, { "reference_url": "https://usn.ubuntu.com/755-1/", "reference_id": "USN-755-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/755-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6247?format=api", "purl": "pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { 
"vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": 
"VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7" } ], "aliases": [ "CVE-2009-0844" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5thq-ff3f-h7f6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75004?format=api", "vulnerability_id": "VCID-6jnk-3rfw-nkh8", "summary": "MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5355.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5355.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5355", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08201", "scoring_system": "epss", 
"scoring_elements": "0.92352", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08201", "scoring_system": "epss", "scoring_elements": "0.92366", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.08201", "scoring_system": "epss", "scoring_elements": "0.92362", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1193939", "reference_id": "1193939", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1193939" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778647", "reference_id": "778647", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0794", "reference_id": "RHSA-2015:0794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0794" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2154", "reference_id": "RHSA-2015:2154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2154" }, { "reference_url": "https://usn.ubuntu.com/2810-1/", "reference_id": "USN-2810-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": 
"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-5355" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6jnk-3rfw-nkh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74973?format=api", "vulnerability_id": "VCID-7ey4-ge6f-9uct", "summary": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated 
users to impersonate a client by rewriting an inner request, aka a \"KrbFastReq forgery issue.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4021.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4021.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4021", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64922", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64965", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0047", "scoring_system": "epss", "scoring_elements": "0.64975", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4021" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4021", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4021" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=648736", "reference_id": "648736", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648736" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://usn.ubuntu.com/1030-1/", "reference_id": "USN-1030-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1030-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6247?format=api", "purl": "pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": 
"VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": 
"VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7" } ], "aliases": [ "CVE-2010-4021" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ey4-ge6f-9uct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74874?format=api", "vulnerability_id": "VCID-7wnb-bhuv-tycp", "summary": "schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-2443.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-2443.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-2443", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15013", "scoring_system": "epss", "scoring_elements": "0.94695", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.15013", "scoring_system": 
"epss", "scoring_elements": "0.94704", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-2443" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2443" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708267", "reference_id": "708267", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708267" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=962531", "reference_id": "962531", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=962531" }, { "reference_url": "https://security.gentoo.org/glsa/201312-12", "reference_id": "GLSA-201312-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201312-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0942", "reference_id": "RHSA-2013:0942", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0942" }, { "reference_url": "https://usn.ubuntu.com/2810-1/", "reference_id": "USN-2810-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": 
"VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { 
"vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2002-2443" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7wnb-bhuv-tycp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74982?format=api", "vulnerability_id": "VCID-8fxt-3wg4-dkbb", "summary": "The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1529.json", 
"reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1529.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1529", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02376", "scoring_system": "epss", "scoring_elements": "0.85263", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02376", "scoring_system": "epss", "scoring_elements": "0.85287", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02376", "scoring_system": "epss", "scoring_elements": "0.85292", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1529" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367", "reference_id": "646367", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=737711", "reference_id": "737711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737711" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1379", "reference_id": "RHSA-2011:1379", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1379" }, { "reference_url": "https://usn.ubuntu.com/1233-1/", "reference_id": "USN-1233-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1233-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": 
"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { 
"vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2011-1529" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8fxt-3wg4-dkbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74963?format=api", "vulnerability_id": "VCID-9axv-m7xk-quax", "summary": "Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4212.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4212.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4212", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16485", "scoring_system": "epss", "scoring_elements": "0.95019", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.16485", "scoring_system": "epss", "scoring_elements": "0.95028", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.16485", "scoring_system": "epss", "scoring_elements": "0.95029", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-4212" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4212" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=545015", "reference_id": 
"545015", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=545015" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0029", "reference_id": "RHSA-2010:0029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0029" }, { "reference_url": "https://usn.ubuntu.com/881-1/", "reference_id": "USN-881-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/881-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6247?format=api", "purl": "pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": 
"VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7" } ], "aliases": [ "CVE-2009-4212" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9axv-m7xk-quax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74966?format=api", 
"vulnerability_id": "VCID-a4cc-w95t-8fh6", "summary": "Use-after-free vulnerability in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) 1.5 through 1.6.3 allows remote authenticated users to cause a denial of service (daemon crash) via a request from a kadmin client that sends an invalid API version number.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0629.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0629.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02284", "scoring_system": "epss", "scoring_elements": "0.84991", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02284", "scoring_system": "epss", "scoring_elements": "0.85015", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02284", "scoring_system": "epss", "scoring_elements": "0.85019", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0629" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=576011", "reference_id": "576011", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576011" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0343", "reference_id": "RHSA-2010:0343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0343" }, { "reference_url": "https://usn.ubuntu.com/924-1/", 
"reference_id": "USN-924-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/924-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6247?format=api", "purl": "pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { 
"vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7" } ], "aliases": [ "CVE-2010-0629" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a4cc-w95t-8fh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74985?format=api", "vulnerability_id": "VCID-at3s-18x4-n7e2", "summary": "server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1012.json", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1012.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1012", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47041", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47106", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47109", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1012" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670918", "reference_id": "670918", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670918" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=796438", "reference_id": "796438", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=796438" }, { "reference_url": "https://usn.ubuntu.com/1520-1/", "reference_id": "USN-1520-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1520-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": 
"VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2012-1012" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-at3s-18x4-n7e2" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/75008?format=api", "vulnerability_id": "VCID-b6a9-hnjx-c3gk", "summary": "The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2694.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2694.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2694", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0089", "scoring_system": "epss", "scoring_elements": "0.75903", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0089", "scoring_system": "epss", "scoring_elements": "0.75929", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2694", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2694" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216133", "reference_id": "1216133", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216133" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783557", "reference_id": "783557", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783557" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2154", "reference_id": "RHSA-2015:2154", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2015:2154" }, { "reference_url": "https://usn.ubuntu.com/2810-1/", "reference_id": "USN-2810-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2015-2694" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b6a9-hnjx-c3gk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74993?format=api", "vulnerability_id": "VCID-bdmc-p544-bfg9", "summary": "do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.", "references": [ { 
"reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1417.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1417.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1417", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.68062", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.68101", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.68109", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1417" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1417" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1030743", "reference_id": "1030743", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1030743" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730085", "reference_id": "730085", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730085" }, { "reference_url": "https://security.gentoo.org/glsa/201312-12", "reference_id": "GLSA-201312-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201312-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { 
"vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2013-1417" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bdmc-p544-bfg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74984?format=api", "vulnerability_id": "VCID-bg27-2hv6-m7cx", "summary": "The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4151.json", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4151.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4151", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01205", "scoring_system": "epss", "scoring_elements": "0.79281", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01205", "scoring_system": "epss", "scoring_elements": "0.79308", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01205", "scoring_system": "epss", "scoring_elements": "0.79313", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4151" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4151", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4151" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367", "reference_id": "646367", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=737711", "reference_id": "737711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737711" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": 
"VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2011-4151" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-bg27-2hv6-m7cx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74974?format=api", "vulnerability_id": "VCID-bkdg-dybz-t3fy", "summary": "The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process \"exits abnormally,\" which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KVC) via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4022.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4022.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08988", "scoring_system": "epss", "scoring_elements": "0.92761", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08988", "scoring_system": "epss", "scoring_elements": "0.92774", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.08988", "scoring_system": "epss", "scoring_elements": "0.92769", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4022" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=664009", "reference_id": "664009", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=664009" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0200", "reference_id": "RHSA-2011:0200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0200" }, { "reference_url": "https://usn.ubuntu.com/1062-1/", "reference_id": "USN-1062-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1062-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { 
"vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2010-4022" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bkdg-dybz-t3fy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74991?format=api", "vulnerability_id": "VCID-bkqm-d2bp-f7fe", "summary": "The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1416.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1416.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02274", "scoring_system": "epss", "scoring_elements": "0.84961", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02274", "scoring_system": "epss", "scoring_elements": "0.84985", "published_at": 
"2026-06-05T12:55:00Z" }, { "value": "0.02274", "scoring_system": "epss", "scoring_elements": "0.84989", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1416" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1416", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1416" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704775", "reference_id": "704775", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704775" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=949984", "reference_id": "949984", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=949984" }, { "reference_url": "https://security.gentoo.org/glsa/201312-12", "reference_id": "GLSA-201312-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201312-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0748", "reference_id": "RHSA-2013:0748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0748" }, { "reference_url": "https://usn.ubuntu.com/2310-1/", "reference_id": "USN-2310-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2310-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": 
"VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2013-1416" ], "risk_score": 1.0, "exploitability": "0.5", "weighted_severity": "2.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bkqm-d2bp-f7fe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74902?format=api", "vulnerability_id": "VCID-c2t4-3vdu-wqf1", "summary": "Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0488.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0488.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0488", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11677", "scoring_system": "epss", "scoring_elements": "0.93808", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11677", "scoring_system": "epss", "scoring_elements": "0.93817", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.11677", "scoring_system": "epss", "scoring_elements": "0.93816", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-0488" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0488", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0488" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617531", "reference_id": "1617531", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617531" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:504", "reference_id": "RHSA-2005:504", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:504" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:562", "reference_id": "RHSA-2005:562", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:562" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6247?format=api", "purl": "pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": 
"VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7" } ], "aliases": [ "CVE-2005-0488" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c2t4-3vdu-wqf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74967?format=api", "vulnerability_id": "VCID-c3qw-eazy-nyer", "summary": "Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a request associated with (1) renewal or (2) validation.", "references": [ { 
"reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1320.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1320.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1320", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.22068", "scoring_system": "epss", "scoring_elements": "0.95892", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.22068", "scoring_system": "epss", "scoring_elements": "0.95896", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.22068", "scoring_system": "epss", "scoring_elements": "0.95899", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1320" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1320", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1320" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490", "reference_id": "577490", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577490" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=581922", "reference_id": "581922", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=581922" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33855.txt", "reference_id": "CVE-2010-1320;OSVDB-63975", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/33855.txt" }, { "reference_url": "https://www.securityfocus.com/bid/39599/info", "reference_id": "CVE-2010-1320;OSVDB-63975", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/39599/info" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", 
"reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://usn.ubuntu.com/940-1/", "reference_id": "USN-940-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/940-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6247?format=api", "purl": "pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { 
"vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7" } ], "aliases": [ "CVE-2010-1320" ], "risk_score": 0.4, "exploitability": "2.0", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c3qw-eazy-nyer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74972?format=api", "vulnerability_id": "VCID-c5ev-cgh8-3kda", "summary": "MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 key-derivation checksums, which might allow remote authenticated users to forge a (1) AD-SIGNEDPATH or (2) AD-KDC-ISSUED signature, and possibly gain privileges, by leveraging the small key space that results from certain one-byte stream-cipher operations.", 
"references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4020.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4020.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4020", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67786", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67826", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00535", "scoring_system": "epss", "scoring_elements": "0.67833", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4020" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605553", "reference_id": "605553", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605553" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=648735", "reference_id": "648735", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648735" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0925", "reference_id": "RHSA-2010:0925", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0925" }, { "reference_url": "https://usn.ubuntu.com/1030-1/", "reference_id": "USN-1030-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1030-1/" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6247?format=api", "purl": "pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": 
"VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7" } ], "aliases": [ "CVE-2010-4020" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c5ev-cgh8-3kda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75023?format=api", "vulnerability_id": "VCID-c5he-57zg-fybc", "summary": "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5729.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" } ], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5729.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22938", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.2302", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.23006", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5729" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551083", "reference_id": "1551083", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551083" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869", "reference_id": "891869", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869" }, { "reference_url": "https://security.archlinux.org/ASA-201806-3", "reference_id": "ASA-201806-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201806-3" }, { "reference_url": "https://security.archlinux.org/AVG-586", "reference_id": "AVG-586", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], 
"url": "https://security.archlinux.org/AVG-586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3071", "reference_id": "RHSA-2018:3071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3071" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6253?format=api", "purl": "pkg:deb/debian/krb5@1.17-3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4" } ], "aliases": [ "CVE-2018-5729" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c5he-57zg-fybc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74961?format=api", "vulnerability_id": "VCID-d2qf-r6jd-r3c7", "summary": "The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0847.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0847.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2009-0847", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20287", "scoring_system": "epss", "scoring_elements": "0.95633", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.20287", "scoring_system": "epss", "scoring_elements": "0.95639", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.20287", "scoring_system": "epss", "scoring_elements": "0.95643", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0847" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0847" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=491034", "reference_id": "491034", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491034" }, { "reference_url": "https://security.gentoo.org/glsa/200904-09", "reference_id": "GLSA-200904-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200904-09" }, { "reference_url": "https://usn.ubuntu.com/755-1/", "reference_id": "USN-755-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/755-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6247?format=api", "purl": "pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { 
"vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": 
"VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7" } ], "aliases": [ "CVE-2009-0847" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d2qf-r6jd-r3c7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74978?format=api", "vulnerability_id": "VCID-d42v-zwu4-a3ge", "summary": "Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0284.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0284.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0284", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.2264", "scoring_system": "epss", "scoring_elements": "0.9596", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.2264", "scoring_system": "epss", "scoring_elements": "0.95964", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.2264", "scoring_system": "epss", "scoring_elements": "0.95968", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0284", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0284" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618517", "reference_id": "618517", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618517" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=674325", "reference_id": "674325", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=674325" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0356", "reference_id": "RHSA-2011:0356", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0356" }, { "reference_url": "https://usn.ubuntu.com/1088-1/", "reference_id": "USN-1088-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1088-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { 
"vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2011-0284" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d42v-zwu4-a3ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74988?format=api", "vulnerability_id": "VCID-d53g-faqf-gfdp", "summary": "The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or 
cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1015.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1015.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1015", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01234", "scoring_system": "epss", "scoring_elements": "0.79537", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01234", "scoring_system": "epss", "scoring_elements": "0.79563", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01234", "scoring_system": "epss", "scoring_elements": "0.79569", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1015" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429", "reference_id": "683429", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=838012", "reference_id": "838012", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=838012" }, { "reference_url": "https://security.gentoo.org/glsa/201312-12", "reference_id": "GLSA-201312-12", 
"reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201312-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1131", "reference_id": "RHSA-2012:1131", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1131" }, { "reference_url": "https://usn.ubuntu.com/1520-1/", "reference_id": "USN-1520-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1520-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": 
"VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2012-1015" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d53g-faqf-gfdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75007?format=api", "vulnerability_id": "VCID-dbaq-qjd2-d7c9", "summary": "The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9423.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9423.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9423", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01537", "scoring_system": "epss", "scoring_elements": "0.81674", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01537", "scoring_system": 
"epss", "scoring_elements": "0.81705", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9423" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179863", "reference_id": "1179863", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0439", "reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": "https://usn.ubuntu.com/2498-1/", "reference_id": "USN-2498-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2498-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": 
"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { 
"vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-9423" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dbaq-qjd2-d7c9" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/75018?format=api", "vulnerability_id": "VCID-e1xu-a882-s3ga", "summary": "The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3120.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3120.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0432", "scoring_system": "epss", "scoring_elements": "0.89087", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0432", "scoring_system": "epss", "scoring_elements": "0.89104", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0432", "scoring_system": "epss", "scoring_elements": "0.89105", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3120" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1361050", "reference_id": "1361050", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1361050" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832572", "reference_id": "832572", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832572" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2591", "reference_id": "RHSA-2016:2591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2591" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2016-3120" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e1xu-a882-s3ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75027?format=api", "vulnerability_id": 
"VCID-ekzs-tuvp-ybfq", "summary": "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36222.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36222.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36222", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06615", "scoring_system": "epss", "scoring_elements": "0.91351", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06615", "scoring_system": "epss", "scoring_elements": "0.91364", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.06615", "scoring_system": "epss", "scoring_elements": "0.91366", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36222" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983720", "reference_id": "1983720", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1983720" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991365", "reference_id": "991365", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991365" }, { "reference_url": "https://security.archlinux.org/AVG-2173", "reference_id": "AVG-2173", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2173" }, { "reference_url": "https://security.gentoo.org/glsa/202405-11", "reference_id": "GLSA-202405-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3576", "reference_id": "RHSA-2021:3576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3576" }, { "reference_url": "https://usn.ubuntu.com/5959-1/", "reference_id": "USN-5959-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5959-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6253?format=api", "purl": "pkg:deb/debian/krb5@1.17-3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/538439?format=api", "purl": "pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5" } ], "aliases": [ "CVE-2021-36222" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ekzs-tuvp-ybfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74994?format=api", "vulnerability_id": "VCID-esm3-3qwz-cud2", "summary": "The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1418.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1418.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1418", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07674", "scoring_system": "epss", "scoring_elements": "0.92046", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07674", "scoring_system": "epss", "scoring_elements": "0.92058", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.07674", "scoring_system": "epss", "scoring_elements": "0.92056", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1418" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1026942", "reference_id": "1026942", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1026942" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728845", "reference_id": "728845", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728845" }, { "reference_url": "https://security.gentoo.org/glsa/201312-12", "reference_id": "GLSA-201312-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201312-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1245", "reference_id": "RHSA-2014:1245", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1245" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1389", "reference_id": "RHSA-2014:1389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1389" }, { "reference_url": "https://usn.ubuntu.com/2310-1/", "reference_id": "USN-2310-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2310-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": 
"VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2013-1418" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-esm3-3qwz-cud2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74989?format=api", "vulnerability_id": "VCID-ezm2-e8zw-g7dg", "summary": "The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1016.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1016.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.71018", "published_at": "2026-06-04T12:55:00Z" }, { "value": 
"0.00643", "scoring_system": "epss", "scoring_elements": "0.7106", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.71067", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1016" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1016", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1016" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702633", "reference_id": "702633", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702633" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=917840", "reference_id": "917840", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0656", "reference_id": "RHSA-2013:0656", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0656" }, { "reference_url": "https://usn.ubuntu.com/2310-1/", "reference_id": "USN-2310-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2310-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": 
"VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2012-1016" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ezm2-e8zw-g7dg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74995?format=api", "vulnerability_id": "VCID-f343-u3jt-pkfy", "summary": "MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a 
denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4341.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4341.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4341", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14451", "scoring_system": "epss", "scoring_elements": "0.94559", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.14451", "scoring_system": "epss", "scoring_elements": "0.94567", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.14451", "scoring_system": "epss", "scoring_elements": "0.94569", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345" }, { 
"reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116180", "reference_id": "1116180", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116180" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753624", "reference_id": "753624", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753624" }, { "reference_url": "https://security.gentoo.org/glsa/201412-53", "reference_id": "GLSA-201412-53", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1245", "reference_id": "RHSA-2014:1245", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1245" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1389", "reference_id": "RHSA-2014:1389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0439", "reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": "https://usn.ubuntu.com/2310-1/", "reference_id": "USN-2310-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2310-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { 
"vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-4341" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f343-u3jt-pkfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74965?format=api", "vulnerability_id": "VCID-f72c-txrr-ukga", "summary": "The 
spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid packet that triggers incorrect preparation of an error token.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0628.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0628.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0628", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00925", "scoring_system": "epss", "scoring_elements": "0.76405", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00925", "scoring_system": "epss", "scoring_elements": "0.76433", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00925", "scoring_system": "epss", "scoring_elements": "0.76434", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0628" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0628" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=566258", "reference_id": "566258", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566258" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575740", "reference_id": "575740", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575740" }, { "reference_url": "https://usn.ubuntu.com/916-1/", "reference_id": "USN-916-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/916-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/6247?format=api", "purl": "pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": 
"VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7" } ], "aliases": [ "CVE-2010-0628" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f72c-txrr-ukga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75011?format=api", "vulnerability_id": "VCID-fcy5-mv1a-n7dh", "summary": "The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field within a TGS request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2697.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2697.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2697", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "0.05447", "scoring_system": "epss", "scoring_elements": "0.90342", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05447", "scoring_system": "epss", "scoring_elements": "0.90357", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05447", "scoring_system": "epss", "scoring_elements": "0.90356", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2697" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1275863", "reference_id": "1275863", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1275863" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803088", "reference_id": "803088", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803088" }, { "reference_url": "https://security.gentoo.org/glsa/201611-14", "reference_id": "GLSA-201611-14", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/201611-14" }, { "reference_url": "https://usn.ubuntu.com/2810-1/", "reference_id": "USN-2810-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" 
}, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6251?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2015-2697" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fcy5-mv1a-n7dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75014?format=api", "vulnerability_id": "VCID-fvfb-k9ar-93eu", "summary": "The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8630.json", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8630.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8630", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03623", "scoring_system": "epss", "scoring_elements": "0.88014", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03623", "scoring_system": "epss", "scoring_elements": "0.88034", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03623", "scoring_system": "epss", "scoring_elements": "0.88038", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8630" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8630", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8630" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302632", "reference_id": "1302632", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302632" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813127", "reference_id": "813127", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813127" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0532", "reference_id": "RHSA-2016:0532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0532" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2015-8630" ], "risk_score": 0.6, "exploitability": "0.5", "weighted_severity": "1.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fvfb-k9ar-93eu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74964?format=api", "vulnerability_id": "VCID-g9nw-c9d1-a3er", "summary": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0283.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0283.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03728", "scoring_system": "epss", "scoring_elements": "0.88194", "published_at": "2026-06-04T12:55:00Z" 
}, { "value": "0.03728", "scoring_system": "epss", "scoring_elements": "0.88214", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03728", "scoring_system": "epss", "scoring_elements": "0.88217", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0283" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=556680", "reference_id": "556680", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=556680" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://usn.ubuntu.com/916-1/", "reference_id": "USN-916-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/916-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6247?format=api", "purl": "pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": 
"VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": 
"VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7" } ], "aliases": [ "CVE-2010-0283" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g9nw-c9d1-a3er" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75016?format=api", "vulnerability_id": "VCID-h23e-nhyz-8uda", "summary": "The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3119.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3119.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3119", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10203", "scoring_system": "epss", "scoring_elements": "0.93271", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10203", "scoring_system": "epss", "scoring_elements": "0.93283", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3119" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3119", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3119" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319616", "reference_id": "1319616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319616" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819468", "reference_id": "819468", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819468" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2591", "reference_id": "RHSA-2016:2591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2591" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2016-3119" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h23e-nhyz-8uda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74990?format=api", "vulnerability_id": "VCID-hre7-pp7p-13fs", "summary": "The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 
before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1415.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1415.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1415", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01588", "scoring_system": "epss", "scoring_elements": "0.81961", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01588", "scoring_system": "epss", "scoring_elements": "0.81994", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01588", "scoring_system": "epss", "scoring_elements": "0.81995", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1415" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=914749", "reference_id": "914749", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=914749" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0656", "reference_id": "RHSA-2013:0656", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0656" }, { "reference_url": "https://usn.ubuntu.com/2310-1/", "reference_id": "USN-2310-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2310-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": 
"pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { 
"vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2013-1415" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hre7-pp7p-13fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6879?format=api", "vulnerability_id": "VCID-husp-fm64-nfa9", "summary": "denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37750.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37750.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37750", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72752", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72791", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72799", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996834", "reference_id": "1996834", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996834" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992607", "reference_id": "992607", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992607" }, { "reference_url": "https://security.archlinux.org/AVG-2312", "reference_id": "AVG-2312", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2312" }, { "reference_url": "https://security.gentoo.org/glsa/202405-11", "reference_id": "GLSA-202405-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3576", "reference_id": "RHSA-2021:3576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4788", "reference_id": "RHSA-2021:4788", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4788" }, { "reference_url": "https://usn.ubuntu.com/5959-1/", "reference_id": "USN-5959-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5959-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/538439?format=api", "purl": "pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5" } ], "aliases": [ 
"CVE-2021-37750" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-husp-fm64-nfa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74998?format=api", "vulnerability_id": "VCID-j145-f5mp-xkeq", "summary": "The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4344.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4344.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4344", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0527", "scoring_system": "epss", "scoring_elements": "0.90169", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0527", "scoring_system": "epss", "scoring_elements": "0.90185", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0527", "scoring_system": "epss", "scoring_elements": "0.90183", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4344" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121877", "reference_id": "1121877", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121877" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755521", "reference_id": "755521", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755521" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1245", "reference_id": "RHSA-2014:1245", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1245" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1389", "reference_id": "RHSA-2014:1389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0439", "reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": "https://usn.ubuntu.com/2310-1/", "reference_id": "USN-2310-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2310-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" 
}, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-4344" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j145-f5mp-xkeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75024?format=api", "vulnerability_id": "VCID-j6qa-q1h1-3uaq", "summary": "MIT krb5 
1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a \"linkdn\" and \"containerdn\" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5730.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5730.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5730", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.69169", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.69208", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.69217", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5730" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5730", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5730" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551082", "reference_id": "1551082", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1551082" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869", "reference_id": "891869", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869" }, { "reference_url": "https://security.archlinux.org/ASA-201806-3", "reference_id": "ASA-201806-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201806-3" }, { "reference_url": "https://security.archlinux.org/AVG-586", "reference_id": "AVG-586", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3071", "reference_id": "RHSA-2018:3071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3071" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6253?format=api", "purl": "pkg:deb/debian/krb5@1.17-3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4" } ], "aliases": [ "CVE-2018-5730" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j6qa-q1h1-3uaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74987?format=api", "vulnerability_id": 
"VCID-jbf6-vrjc-syg1", "summary": "The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1014.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1014.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1014", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04152", "scoring_system": "epss", "scoring_elements": "0.88861", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04152", "scoring_system": "epss", "scoring_elements": "0.88878", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1014" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429", "reference_id": "683429", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=838014", "reference_id": "838014", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=838014" }, { "reference_url": "https://security.gentoo.org/glsa/201312-12", "reference_id": "GLSA-201312-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201312-12" }, { "reference_url": "https://usn.ubuntu.com/1520-1/", "reference_id": "USN-1520-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1520-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": 
"VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2012-1014" ], "risk_score": 1.0, "exploitability": "0.5", "weighted_severity": "2.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jbf6-vrjc-syg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6806?format=api", "vulnerability_id": "VCID-jfhc-x8j6-yuab", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37370.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37370.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37370", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00545", "scoring_system": "epss", "scoring_elements": "0.68171", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00545", "scoring_system": "epss", "scoring_elements": "0.68162", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37370" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37370", "reference_id": "", "reference_type": "", 
"scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37370" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294677", "reference_id": "2294677", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294677" }, { "reference_url": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef", "reference_id": "55fbf435edbe2e92dd8101669b1ce7144bc96fef", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-01T15:25:49Z/" } ], "url": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef" }, { "reference_url": "https://web.mit.edu/kerberos/www/advisories/", "reference_id": "advisories", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-01T15:25:49Z/" } ], "url": "https://web.mit.edu/kerberos/www/advisories/" }, { "reference_url": "https://security.archlinux.org/AVG-2856", "reference_id": "AVG-2856", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", 
"scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10135", "reference_id": "RHSA-2024:10135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11109", "reference_id": "RHSA-2024:11109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4734", "reference_id": "RHSA-2024:4734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4743", "reference_id": "RHSA-2024:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5076", "reference_id": "RHSA-2024:5076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5312", "reference_id": "RHSA-2024:5312", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5316", "reference_id": "RHSA-2024:5316", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5625", "reference_id": "RHSA-2024:5625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5630", "reference_id": "RHSA-2024:5630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5643", "reference_id": "RHSA-2024:5643", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5643" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5884", "reference_id": "RHSA-2024:5884", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6166", "reference_id": "RHSA-2024:6166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7213", "reference_id": "RHSA-2024:7213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7374", "reference_id": "RHSA-2024:7374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7374" }, { "reference_url": "https://usn.ubuntu.com/6947-1/", "reference_id": "USN-6947-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6947-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/538439?format=api", "purl": "pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5" } ], "aliases": [ "CVE-2024-37370" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jfhc-x8j6-yuab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74975?format=api", "vulnerability_id": "VCID-ksar-xuza-8kg7", "summary": "The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an 
LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \\n sequence.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0281.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0281.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0281", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10754", "scoring_system": "epss", "scoring_elements": "0.93472", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10754", "scoring_system": "epss", "scoring_elements": "0.93483", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.10754", "scoring_system": "epss", "scoring_elements": "0.93484", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0281" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=668719", "reference_id": "668719", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=668719" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0199", "reference_id": "RHSA-2011:0199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0199" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0200", "reference_id": "RHSA-2011:0200", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2011:0200" }, { "reference_url": "https://usn.ubuntu.com/1062-1/", "reference_id": "USN-1062-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1062-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": 
"VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2011-0281" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ksar-xuza-8kg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74969?format=api", "vulnerability_id": "VCID-kszc-uv1w-syb1", "summary": "The merge_authdata function in kdc_authdata.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x before 1.8.4 does not properly manage an index into an authorization-data list, which allows remote attackers to cause a denial of service (daemon crash), or possibly obtain sensitive information, spoof authorization, or execute arbitrary code, via a TGS request that triggers an uninitialized pointer dereference, as demonstrated by a request from a Windows Active Directory client.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1322.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1322.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1322", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01463", "scoring_system": "epss", "scoring_elements": "0.8121", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01463", "scoring_system": "epss", "scoring_elements": "0.81238", "published_at": "2026-06-05T12:55:00Z" }, { 
"value": "0.01463", "scoring_system": "epss", "scoring_elements": "0.81241", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1322" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1322", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1322" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599237", "reference_id": "599237", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599237" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=636335", "reference_id": "636335", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=636335" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0863", "reference_id": "RHSA-2010:0863", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0863" }, { "reference_url": "https://usn.ubuntu.com/999-1/", "reference_id": "USN-999-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/999-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6247?format=api", "purl": "pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" 
}, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { 
"vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7" } ], "aliases": [ "CVE-2010-1322" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kszc-uv1w-syb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74979?format=api", "vulnerability_id": "VCID-ktuq-s8bz-1qam", "summary": "The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0285.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0285.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0285", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.54024", "scoring_system": "epss", "scoring_elements": "0.98055", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.54024", "scoring_system": "epss", "scoring_elements": "0.98057", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0285" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622681", "reference_id": "622681", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622681" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=696334", "reference_id": "696334", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696334" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35606.txt", "reference_id": "CVE-2011-0285;OSVDB-71789", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35606.txt" }, { "reference_url": "https://www.securityfocus.com/bid/47310/info", "reference_id": "CVE-2011-0285;OSVDB-71789", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/47310/info" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0447", "reference_id": "RHSA-2011:0447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0447" }, { "reference_url": "https://usn.ubuntu.com/1116-1/", "reference_id": "USN-1116-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1116-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": 
"VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2011-0285" ], "risk_score": 1.0, "exploitability": "2.0", "weighted_severity": "0.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ktuq-s8bz-1qam" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/75026?format=api", "vulnerability_id": "VCID-kwy5-x7m9-4qgt", "summary": "MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28196.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28196.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76818", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76779", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76812", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28196" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901041", "reference_id": "1901041", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1901041" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45KKOZQWIIIW5C45PJVGQ32AXBSYNBE7/", "reference_id": "45KKOZQWIIIW5C45PJVGQ32AXBSYNBE7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45KKOZQWIIIW5C45PJVGQ32AXBSYNBE7/" }, { "reference_url": "https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd", "reference_id": "57415dda6cf04e73ffc3723be518eddfae599bfd", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/73IGOG6CZAVMVNS4GGRMOLOZ7B6QVA7F/", "reference_id": "73IGOG6CZAVMVNS4GGRMOLOZ7B6QVA7F", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/73IGOG6CZAVMVNS4GGRMOLOZ7B6QVA7F/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973880", "reference_id": "973880", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973880" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4795", "reference_id": "dsa-4795", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://www.debian.org/security/2020/dsa-4795" }, { "reference_url": "https://security.gentoo.org/glsa/202011-17", "reference_id": "GLSA-202011-17", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://security.gentoo.org/glsa/202011-17" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPH2V3WSQTELROZK3GFCPQDOFLKIZ6H5/", "reference_id": "KPH2V3WSQTELROZK3GFCPQDOFLKIZ6H5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPH2V3WSQTELROZK3GFCPQDOFLKIZ6H5/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00011.html", "reference_id": "msg00011.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": 
"https://lists.debian.org/debian-lts-announce/2020/11/msg00011.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20201202-0001/", "reference_id": "ntap-20201202-0001", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20201202-0001/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210513-0002/", "reference_id": "ntap-20210513-0002", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210513-0002/" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "reference_type": "", 
"scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1593", "reference_id": "RHSA-2021:1593", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1593" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2239", "reference_id": "RHSA-2021:2239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2239" }, { "reference_url": "https://usn.ubuntu.com/4635-1/", "reference_id": "USN-4635-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4635-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6253?format=api", "purl": "pkg:deb/debian/krb5@1.17-3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/538439?format=api", "purl": "pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": 
"VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5" } ], "aliases": [ "CVE-2020-28196" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kwy5-x7m9-4qgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75012?format=api", "vulnerability_id": "VCID-mbrk-dkua-uyeq", "summary": "The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2698.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2698.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2698", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75505", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75534", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75537", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2698" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2698", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2698" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1278951", "reference_id": "1278951", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1278951" }, { "reference_url": "https://usn.ubuntu.com/2810-1/", "reference_id": "USN-2810-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2015-2698" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mbrk-dkua-uyeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74986?format=api", "vulnerability_id": "VCID-ny7t-pkm8-2fb4", "summary": "The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 
allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1013.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1013.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77794", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77821", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77828", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1013" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687647", "reference_id": "687647", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687647" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827517", "reference_id": "827517", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1131", "reference_id": "RHSA-2012:1131", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1131" }, { "reference_url": "https://usn.ubuntu.com/1520-1/", "reference_id": "USN-1520-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1520-1/" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": 
"VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2012-1013" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ny7t-pkm8-2fb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74971?format=api", "vulnerability_id": "VCID-pbeh-n41k-s7au", "summary": "MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not properly determine the acceptability of checksums, which might allow remote attackers to forge GSS tokens, gain privileges, or have unspecified other impact via (1) an unkeyed checksum, (2) an unkeyed PAC checksum, or (3) a KrbFastArmoredReq checksum based on an RC4 key.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1324.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1324.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1324", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03499", "scoring_system": "epss", "scoring_elements": "0.87818", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03499", "scoring_system": "epss", "scoring_elements": "0.87839", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03499", "scoring_system": "epss", "scoring_elements": "0.87841", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1324" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1324", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1324" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605553", "reference_id": "605553", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605553" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=648674", "reference_id": "648674", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=648674" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0925", "reference_id": "RHSA-2010:0925", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0925" }, { "reference_url": "https://usn.ubuntu.com/1030-1/", "reference_id": "USN-1030-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1030-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6247?format=api", "purl": "pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": 
"VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7" } ], "aliases": [ "CVE-2010-1324" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pbeh-n41k-s7au" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75010?format=api", "vulnerability_id": "VCID-pj93-uzpy-3bg1", "summary": "lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2696.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2696.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2696", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10768", "scoring_system": "epss", "scoring_elements": "0.93477", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10768", "scoring_system": "epss", "scoring_elements": "0.93488", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.10768", "scoring_system": "epss", "scoring_elements": "0.93489", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1275869", "reference_id": "1275869", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1275869" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803084", "reference_id": "803084", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803084" }, { "reference_url": "https://security.gentoo.org/glsa/201611-14", "reference_id": "GLSA-201611-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201611-14" }, { "reference_url": "https://usn.ubuntu.com/2810-1/", "reference_id": "USN-2810-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": 
"VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6251?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { 
"vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": 
"VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2015-2696" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pj93-uzpy-3bg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75034?format=api", "vulnerability_id": "VCID-pq2d-33kw-ayb7", "summary": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3576.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3576.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3576", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48824", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48832", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103525", "reference_id": "1103525", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103525" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359465", "reference_id": "2359465", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359465" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9", "reference_id": "cpe:/a:redhat:discovery:2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_id": 
"cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3576", "reference_id": "CVE-2025-3576", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3576" }, { "reference_url": "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", "reference_id": "krb5-1.22.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": 
"ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11487", "reference_id": "RHSA-2025:11487", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:11487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13664", "reference_id": "RHSA-2025:13664", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13664" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13777", "reference_id": "RHSA-2025:13777", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13777" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15000", "reference_id": "RHSA-2025:15000", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15000" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2025:15001", "reference_id": "RHSA-2025:15001", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15002", "reference_id": "RHSA-2025:15002", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15003", "reference_id": "RHSA-2025:15003", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15004", "reference_id": "RHSA-2025:15004", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8411", "reference_id": "RHSA-2025:8411", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8411" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9418", "reference_id": "RHSA-2025:9418", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9430", "reference_id": "RHSA-2025:9430", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9430" }, { "reference_url": "https://usn.ubuntu.com/7542-1/", "reference_id": "USN-7542-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7542-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/773967?format=api", "purl": "pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4" } ], "aliases": [ "CVE-2025-3576" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pq2d-33kw-ayb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75009?format=api", "vulnerability_id": "VCID-py4d-vrgu-5ueu", "summary": "lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 
before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2695.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2695.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04582", "scoring_system": "epss", "scoring_elements": "0.89406", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04582", "scoring_system": "epss", "scoring_elements": "0.89424", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04582", "scoring_system": "epss", "scoring_elements": "0.89423", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:C" } ], "url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1275871", "reference_id": "1275871", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1275871" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803083", "reference_id": "803083", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803083" }, { "reference_url": "https://security.gentoo.org/glsa/201611-14", "reference_id": "GLSA-201611-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201611-14" }, { "reference_url": "https://usn.ubuntu.com/2810-1/", "reference_id": "USN-2810-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": 
"VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6251?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { 
"vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2015-2695" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-py4d-vrgu-5ueu" }, { 
"url": "http://public2.vulnerablecode.io/api/vulnerabilities/6466?format=api", "vulnerability_id": "VCID-rgc3-hzw1-3bcp", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11462.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11462.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11462", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.77958", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.77965", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.77931", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11462" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11462", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11462" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488873", "reference_id": "1488873", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488873" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873563", "reference_id": "873563", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873563" }, { "reference_url": "https://security.archlinux.org/ASA-201710-8", "reference_id": "ASA-201710-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-8" }, { "reference_url": "https://security.archlinux.org/ASA-201710-9", "reference_id": "ASA-201710-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-9" }, { "reference_url": "https://security.archlinux.org/AVG-414", "reference_id": "AVG-414", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-414" }, { "reference_url": "https://security.archlinux.org/AVG-415", "reference_id": "AVG-415", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-415" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6253?format=api", "purl": "pkg:deb/debian/krb5@1.17-3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4" } ], "aliases": [ "CVE-2017-11462" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgc3-hzw1-3bcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75033?format=api", "vulnerability_id": "VCID-s1hu-g4ns-5ydy", "summary": "In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24528.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24528.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42956", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42945", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24528" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730", "reference_id": "1094730", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342796", "reference_id": "2342796", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342796" }, { "reference_url": "https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0", "reference_id": "78ceba024b64d49612375be4a12d1c066b0bfbd0", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-16T17:39:31Z/" } ], "url": "https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0" }, { "reference_url": "https://github.com/krb5/krb5/compare/krb5-1.21.3-final...krb5-1.22-final", "reference_id": "krb5-1.21.3-final...krb5-1.22-final", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-16T17:39:31Z/" } ], "url": "https://github.com/krb5/krb5/compare/krb5-1.21.3-final...krb5-1.22-final" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1352", "reference_id": "RHSA-2025:1352", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1352" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2722", "reference_id": "RHSA-2025:2722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2789", "reference_id": "RHSA-2025:2789", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2789" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7067", "reference_id": 
"RHSA-2025:7067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8385", "reference_id": "RHSA-2025:8385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8385" }, { "reference_url": "https://usn.ubuntu.com/7314-1/", "reference_id": "USN-7314-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7314-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/773967?format=api", "purl": "pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4" } ], "aliases": [ "CVE-2025-24528" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s1hu-g4ns-5ydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74960?format=api", "vulnerability_id": "VCID-sewn-mfcw-gygm", "summary": "The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0846.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-0846.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0846", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.50005", "scoring_system": "epss", "scoring_elements": "0.97873", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.50005", 
"scoring_system": "epss", "scoring_elements": "0.97876", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.50005", "scoring_system": "epss", "scoring_elements": "0.97878", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-0846" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0846" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=491036", "reference_id": "491036", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=491036" }, { "reference_url": "https://security.gentoo.org/glsa/200904-09", "reference_id": "GLSA-200904-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200904-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0408", "reference_id": "RHSA-2009:0408", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0409", "reference_id": "RHSA-2009:0409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:0410", "reference_id": "RHSA-2009:0410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:0410" }, { "reference_url": "https://usn.ubuntu.com/755-1/", "reference_id": "USN-755-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/755-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6247?format=api", "purl": "pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { 
"vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": 
"VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7" } ], "aliases": [ "CVE-2009-0846" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sewn-mfcw-gygm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74999?format=api", "vulnerability_id": "VCID-t96y-1vd2-fqe3", "summary": "Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of \"cpw -keepold\" commands.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4345.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4345.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4345", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11304", "scoring_system": "epss", "scoring_elements": "0.93669", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11304", "scoring_system": "epss", 
"scoring_elements": "0.93679", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4345" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1128157", "reference_id": "1128157", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1128157" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757416", "reference_id": "757416", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757416" }, { "reference_url": 
"https://security.gentoo.org/glsa/201412-53", "reference_id": "GLSA-201412-53", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1255", "reference_id": "RHSA-2014:1255", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1389", "reference_id": "RHSA-2014:1389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0439", "reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": "https://usn.ubuntu.com/2310-1/", "reference_id": "USN-2310-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2310-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": 
"VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { 
"vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-4345" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t96y-1vd2-fqe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6805?format=api", "vulnerability_id": "VCID-tg7a-etmk-6fea", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37371.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37371.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37371", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02606", "scoring_system": "epss", "scoring_elements": "0.85933", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02606", "scoring_system": "epss", "scoring_elements": "0.8593", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37371" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37370", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37370" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294676", "reference_id": "2294676", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294676" }, { "reference_url": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef", "reference_id": "55fbf435edbe2e92dd8101669b1ce7144bc96fef", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:31:33Z/" } ], "url": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef" }, { "reference_url": "https://web.mit.edu/kerberos/www/advisories/", "reference_id": "advisories", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:31:33Z/" } ], "url": "https://web.mit.edu/kerberos/www/advisories/" }, { "reference_url": "https://security.archlinux.org/AVG-2856", 
"reference_id": "AVG-2856", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10135", "reference_id": "RHSA-2024:10135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11109", "reference_id": "RHSA-2024:11109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4734", "reference_id": "RHSA-2024:4734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4743", "reference_id": "RHSA-2024:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5076", "reference_id": "RHSA-2024:5076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5312", "reference_id": "RHSA-2024:5312", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5316", "reference_id": "RHSA-2024:5316", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5625", "reference_id": "RHSA-2024:5625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5630", "reference_id": "RHSA-2024:5630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5630" }, 
{ "reference_url": "https://access.redhat.com/errata/RHSA-2024:5643", "reference_id": "RHSA-2024:5643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5643" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5884", "reference_id": "RHSA-2024:5884", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6166", "reference_id": "RHSA-2024:6166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7213", "reference_id": "RHSA-2024:7213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7374", "reference_id": "RHSA-2024:7374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1671", "reference_id": "RHSA-2025:1671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1673", "reference_id": "RHSA-2025:1673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1673" }, { "reference_url": "https://usn.ubuntu.com/6947-1/", "reference_id": "USN-6947-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6947-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/538439?format=api", "purl": "pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5" } ], "aliases": [ "CVE-2024-37371" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tg7a-etmk-6fea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61749?format=api", "vulnerability_id": "VCID-u4y9-vrsc-wbdy", "summary": "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40356.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40356.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40356", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28625", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28666", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135317", "reference_id": "1135317", 
"reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135317" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463368", "reference_id": "2463368", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463368" }, { "reference_url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", "reference_id": "2e75f0d9362fb979f5fc92829431a590a130929f", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:10:05Z/" } ], "url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f" }, { "reference_url": "https://web.mit.edu/kerberos/advisories/", "reference_id": "advisories", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:10:05Z/" } ], "url": "https://web.mit.edu/kerberos/advisories/" }, { "reference_url": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", "reference_id": "krb5-two-unauthenticated-network-vulnerabilities.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:10:05Z/" } ], "url": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12220", "reference_id": "RHSA-2026:12220", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2026:12220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16799", "reference_id": "RHSA-2026:16799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19145", "reference_id": "RHSA-2026:19145", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19145" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19357", "reference_id": "RHSA-2026:19357", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19357" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21275", "reference_id": "RHSA-2026:21275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22634", "reference_id": "RHSA-2026:22634", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22634" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/773967?format=api", "purl": "pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4" } ], "aliases": [ "CVE-2026-40356" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u4y9-vrsc-wbdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75013?format=api", "vulnerability_id": "VCID-ukkj-tn8u-yuab", "summary": "The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial 
of service (out-of-bounds read) via a crafted string.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8629.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8629.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02043", "scoring_system": "epss", "scoring_elements": "0.8416", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02043", "scoring_system": "epss", "scoring_elements": "0.84183", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02043", "scoring_system": "epss", "scoring_elements": "0.84186", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302617", "reference_id": "1302617", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302617" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813296", "reference_id": "813296", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0493", "reference_id": "RHSA-2016:0493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0532", "reference_id": "RHSA-2016:0532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0532" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { 
"vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6251?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": 
"VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2015-8629" ], "risk_score": 0.6, "exploitability": "0.5", "weighted_severity": "1.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ukkj-tn8u-yuab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75000?format=api", "vulnerability_id": "VCID-v4b9-7gb8-7kf7", "summary": "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge 
tickets by leveraging administrative access.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5351.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5351.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5351", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57614", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57666", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57674", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", "reference_id": "1145425", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1145425" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762479", "reference_id": "762479", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762479" }, { "reference_url": "https://security.gentoo.org/glsa/201412-53", "reference_id": "GLSA-201412-53", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-53" }, { "reference_url": "https://usn.ubuntu.com/2498-1/", "reference_id": "USN-2498-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2498-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-5351" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v4b9-7gb8-7kf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75001?format=api", "vulnerability_id": "VCID-vq2w-pgev-f7ha", "summary": "The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain 
security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated by traffic to kadmind.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5352.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5352.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5352", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05407", "scoring_system": "epss", "scoring_elements": "0.90302", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05407", "scoring_system": "epss", "scoring_elements": "0.90317", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05407", "scoring_system": "epss", "scoring_elements": "0.90316", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179856", "reference_id": "1179856", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0439", "reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0794", "reference_id": "RHSA-2015:0794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0794" }, { "reference_url": "https://usn.ubuntu.com/2498-1/", "reference_id": "USN-2498-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2498-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { 
"vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": 
"VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-5352" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vq2w-pgev-f7ha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74899?format=api", "vulnerability_id": "VCID-vuzh-e7pz-fqgt", "summary": "The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0971.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0971.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0971", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28583", "published_at": 
"2026-06-04T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28656", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28615", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0971" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0971", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0971" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617336", "reference_id": "1617336", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617336" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278271", "reference_id": "278271", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:012", "reference_id": "RHSA-2005:012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:012" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": 
"VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2004-0971" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vuzh-e7pz-fqgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74976?format=api", "vulnerability_id": "VCID-vxvk-vwan-ukak", "summary": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0282.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0282.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09562", "scoring_system": "epss", "scoring_elements": "0.93013", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09562", "scoring_system": "epss", "scoring_elements": "0.93024", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.09562", "scoring_system": "epss", "scoring_elements": "0.93021", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0282" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0282", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0282" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=668726", "reference_id": "668726", "reference_type": "", 
"scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=668726" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0199", "reference_id": "RHSA-2011:0199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0199" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0200", "reference_id": "RHSA-2011:0200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0200" }, { "reference_url": "https://usn.ubuntu.com/1062-1/", "reference_id": "USN-1062-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1062-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": 
"VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2011-0282" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vxvk-vwan-ukak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3527?format=api", "vulnerability_id": "VCID-wc2t-bbf1-mua5", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42898.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42898.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42898", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"0.10832", "scoring_system": "epss", "scoring_elements": "0.935", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10832", "scoring_system": "epss", "scoring_elements": "0.93511", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.10832", "scoring_system": "epss", "scoring_elements": "0.9351", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L" } ], "url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187", "reference_id": "1024187", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267", "reference_id": "1024267", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140960", "reference_id": "2140960", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140960" }, { "reference_url": "https://web.mit.edu/kerberos/advisories/", "reference_id": "advisories", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://web.mit.edu/kerberos/advisories/" }, { "reference_url": "https://security.archlinux.org/AVG-2828", "reference_id": "AVG-2828", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2828" }, { "reference_url": "https://www.samba.org/samba/security/CVE-2022-42898.html", "reference_id": "CVE-2022-42898.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://www.samba.org/samba/security/CVE-2022-42898.html" }, { "reference_url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583", "reference_id": 
"ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583" }, { "reference_url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c", "reference_id": "GHSA-64mq-fvfj-5x3c", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c" }, { "reference_url": "https://security.gentoo.org/glsa/202309-06", "reference_id": "GLSA-202309-06", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://security.gentoo.org/glsa/202309-06" }, { "reference_url": "https://security.gentoo.org/glsa/202310-06", "reference_id": "GLSA-202310-06", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://security.gentoo.org/glsa/202310-06" }, { "reference_url": "https://security.gentoo.org/glsa/202405-11", "reference_id": "GLSA-202405-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-11" }, { 
"reference_url": "https://web.mit.edu/kerberos/krb5-1.19/", "reference_id": "krb5-1.19", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://web.mit.edu/kerberos/krb5-1.19/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230216-0008/", "reference_id": "ntap-20230216-0008", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230216-0008/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230223-0001/", "reference_id": "ntap-20230223-0001", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230223-0001/" }, { "reference_url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt", "reference_id": "README-1.20.1.txt", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8637", "reference_id": "RHSA-2022:8637", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2022:8637" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8638", "reference_id": "RHSA-2022:8638", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8639", "reference_id": "RHSA-2022:8639", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8639" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8640", "reference_id": "RHSA-2022:8640", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8640" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8641", "reference_id": "RHSA-2022:8641", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8641" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8648", "reference_id": "RHSA-2022:8648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8662", "reference_id": "RHSA-2022:8662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8663", "reference_id": "RHSA-2022:8663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8669", "reference_id": "RHSA-2022:8669", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8669" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9029", "reference_id": "RHSA-2022:9029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9029" }, { "reference_url": "https://bugzilla.samba.org/show_bug.cgi?id=15203", "reference_id": "show_bug.cgi?id=15203", "reference_type": "", "scores": [ 
{ "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://bugzilla.samba.org/show_bug.cgi?id=15203" }, { "reference_url": "https://usn.ubuntu.com/5800-1/", "reference_id": "USN-5800-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5800-1/" }, { "reference_url": "https://usn.ubuntu.com/5822-1/", "reference_id": "USN-5822-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5822-1/" }, { "reference_url": "https://usn.ubuntu.com/5828-1/", "reference_id": "USN-5828-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5828-1/" }, { "reference_url": "https://usn.ubuntu.com/5936-1/", "reference_id": "USN-5936-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5936-1/" }, { "reference_url": "https://usn.ubuntu.com/7582-1/", "reference_id": "USN-7582-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7582-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/538439?format=api", "purl": "pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5" } ], "aliases": [ "CVE-2022-42898" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wc2t-bbf1-mua5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75028?format=api", "vulnerability_id": "VCID-xmhu-nkgw-kybr", "summary": "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 
1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36054.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36054.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36054", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78377", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78368", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36054" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043431", "reference_id": "1043431", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043431" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230178", "reference_id": "2230178", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2230178" }, { "reference_url": "https://web.mit.edu/kerberos/www/advisories/", "reference_id": "advisories", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/" } ], "url": "https://web.mit.edu/kerberos/www/advisories/" }, { "reference_url": "https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd", "reference_id": "ef08b09c9459551aabbe7924fb176f1583053cdd", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/" } ], "url": "https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd" }, { "reference_url": "https://security.gentoo.org/glsa/202405-11", "reference_id": "GLSA-202405-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-11" }, { "reference_url": "https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final", "reference_id": "krb5-1.20.1-final...krb5-1.20.2-final", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/" } ], "url": "https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final" }, { "reference_url": "https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final", "reference_id": "krb5-1.21-final...krb5-1.21.1-final", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/" } ], "url": "https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html", "reference_id": "msg00031.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", 
"scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230908-0004/", "reference_id": "ntap-20230908-0004", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230908-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6699", "reference_id": "RHSA-2023:6699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6699" }, { "reference_url": "https://usn.ubuntu.com/6467-1/", "reference_id": "USN-6467-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6467-1/" }, { "reference_url": "https://usn.ubuntu.com/6467-2/", "reference_id": "USN-6467-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6467-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/538439?format=api", "purl": "pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5" } ], "aliases": [ "CVE-2023-36054" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmhu-nkgw-kybr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4357?format=api", "vulnerability_id": "VCID-yejf-124s-hqgx", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15088.json", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15088.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15088", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01283", "scoring_system": "epss", "scoring_elements": "0.79965", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01283", "scoring_system": "epss", "scoring_elements": "0.7994", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01283", "scoring_system": "epss", "scoring_elements": "0.7997", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15088" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15088" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:C/I:C/A:C" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1504045", "reference_id": "1504045", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1504045" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698", "reference_id": "871698", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698" }, { "reference_url": "https://security.archlinux.org/AVG-505", "reference_id": "AVG-505", "reference_type": "", 
"scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-505" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6253?format=api", "purl": "pkg:deb/debian/krb5@1.17-3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4" } ], "aliases": [ "CVE-2017-15088" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yejf-124s-hqgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6467?format=api", "vulnerability_id": "VCID-yr93-awkm-v7ay", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11368.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11368.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11368", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00681", "scoring_system": "epss", "scoring_elements": "0.72042", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00681", "scoring_system": "epss", "scoring_elements": "0.72049", "published_at": 
"2026-06-06T12:55:00Z" }, { "value": "0.00681", "scoring_system": "epss", "scoring_elements": "0.72001", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11368" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:C" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473560", "reference_id": "1473560", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473560" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869260", "reference_id": "869260", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869260" }, { "reference_url": "https://security.archlinux.org/ASA-201710-8", "reference_id": "ASA-201710-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-8" }, { "reference_url": "https://security.archlinux.org/AVG-414", "reference_id": "AVG-414", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-414" }, { "reference_url": "https://security.archlinux.org/AVG-436", "reference_id": "AVG-436", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-436" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2018:0666", "reference_id": "RHSA-2018:0666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0666" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6253?format=api", "purl": "pkg:deb/debian/krb5@1.17-3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4" } ], "aliases": [ "CVE-2017-11368" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yr93-awkm-v7ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/72437?format=api", "vulnerability_id": "VCID-yy22-6ztx-67d4", "summary": "The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1321.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1321.json" }, { 
"reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1321", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01857", "scoring_system": "epss", "scoring_elements": "0.8339", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01857", "scoring_system": "epss", "scoring_elements": "0.83414", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01857", "scoring_system": "epss", "scoring_elements": "0.83415", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1321" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1321" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582261", "reference_id": "582261", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=582261" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=582466", "reference_id": "582466", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=582466" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0423", "reference_id": "RHSA-2010:0423", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0873", "reference_id": "RHSA-2010:0873", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0873" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0935", "reference_id": "RHSA-2010:0935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2010:0935" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2011:0152", "reference_id": "RHSA-2011:0152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0152" }, { "reference_url": "https://usn.ubuntu.com/940-1/", "reference_id": "USN-940-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/940-1/" }, { "reference_url": "https://usn.ubuntu.com/940-2/", "reference_id": "USN-940-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/940-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6247?format=api", "purl": "pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": 
"VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze7" } ], "aliases": [ "CVE-2010-1321" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yy22-6ztx-67d4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74981?format=api", "vulnerability_id": "VCID-zv6f-cpbv-a7b7", "summary": "The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 
and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. NOTE: the Berkeley DB vector is covered by CVE-2011-4151.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1528.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1528.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05459", "scoring_system": "epss", "scoring_elements": "0.90354", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05459", "scoring_system": "epss", "scoring_elements": "0.9037", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05459", "scoring_system": "epss", "scoring_elements": "0.90368", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1528" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367", "reference_id": "646367", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=737711", "reference_id": "737711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737711" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1379", "reference_id": "RHSA-2011:1379", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1379" }, { "reference_url": "https://usn.ubuntu.com/1233-1/", "reference_id": "USN-1233-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1233-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": 
"VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2011-1528" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zv6f-cpbv-a7b7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74996?format=api", "vulnerability_id": "VCID-zxdc-pv4q-myb6", "summary": "MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4342.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4342.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4342", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08139", "scoring_system": "epss", "scoring_elements": "0.92317", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08139", "scoring_system": "epss", "scoring_elements": "0.92332", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.08139", "scoring_system": "epss", "scoring_elements": "0.92329", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4342" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120581", "reference_id": "1120581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120581" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753625", "reference_id": "753625", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1389", "reference_id": "RHSA-2014:1389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1389" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2015:0439", "reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": "https://usn.ubuntu.com/2310-1/", "reference_id": "USN-2310-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2310-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" 
}, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": 
"VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-4342" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxdc-pv4q-myb6" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74946?format=api", "vulnerability_id": "VCID-1sfq-jfju-2uh8", "summary": "Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5902.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5902.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5902", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04002", "scoring_system": "epss", "scoring_elements": "0.8864", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04002", "scoring_system": "epss", "scoring_elements": "0.88657", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04002", "scoring_system": "epss", "scoring_elements": "0.88658", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5902" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5902", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5902" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=415341", "reference_id": "415341", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=415341" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974", "reference_id": "454974", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974" }, { "reference_url": "https://usn.ubuntu.com/924-1/", "reference_id": "USN-924-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/924-1/" }, { "reference_url": "https://usn.ubuntu.com/940-1/", "reference_id": "USN-940-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/940-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6246?format=api", "purl": "pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-1sps-s2a3-wbad" }, { "vulnerability": "VCID-1u82-w13p-cfbk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-53pj-pwxv-qqhv" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-5jja-ssqm-skhu" }, { "vulnerability": "VCID-5thq-ff3f-h7f6" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7ey4-ge6f-9uct" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-9axv-m7xk-quax" }, { "vulnerability": "VCID-a4cc-w95t-8fh6" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": 
"VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c2t4-3vdu-wqf1" }, { "vulnerability": "VCID-c3qw-eazy-nyer" }, { "vulnerability": "VCID-c5ev-cgh8-3kda" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d2qf-r6jd-r3c7" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-f72c-txrr-ukga" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-g9nw-c9d1-a3er" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-kszc-uv1w-syb1" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pbeh-n41k-s7au" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-sewn-mfcw-gygm" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": 
"VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-yy22-6ztx-67d4" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7" } ], "aliases": [ "CVE-2007-5902" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1sfq-jfju-2uh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74931?format=api", "vulnerability_id": "VCID-2ca9-q5cr-guep", "summary": "Integer signedness error in the gssrpc__svcauth_unix function in svc_auth_unix.c in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a negative length value.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2443.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2443.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2443", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.32345", "scoring_system": "epss", "scoring_elements": "0.96934", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.32345", "scoring_system": "epss", "scoring_elements": "0.96939", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.32345", "scoring_system": "epss", "scoring_elements": "0.96942", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2443" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2443" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=245548", "reference_id": "245548", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245548" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430787", "reference_id": "430787", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430787" }, { "reference_url": "https://security.gentoo.org/glsa/200707-11", "reference_id": "GLSA-200707-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200707-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0384", "reference_id": "RHSA-2007:0384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0562", "reference_id": "RHSA-2007:0562", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0562" }, { "reference_url": "https://usn.ubuntu.com/477-1/", "reference_id": "USN-477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/477-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6246?format=api", "purl": "pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-1sps-s2a3-wbad" }, { "vulnerability": "VCID-1u82-w13p-cfbk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-53pj-pwxv-qqhv" 
}, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-5jja-ssqm-skhu" }, { "vulnerability": "VCID-5thq-ff3f-h7f6" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7ey4-ge6f-9uct" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-9axv-m7xk-quax" }, { "vulnerability": "VCID-a4cc-w95t-8fh6" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c2t4-3vdu-wqf1" }, { "vulnerability": "VCID-c3qw-eazy-nyer" }, { "vulnerability": "VCID-c5ev-cgh8-3kda" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d2qf-r6jd-r3c7" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-f72c-txrr-ukga" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-g9nw-c9d1-a3er" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-kszc-uv1w-syb1" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { 
"vulnerability": "VCID-pbeh-n41k-s7au" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-sewn-mfcw-gygm" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-yy22-6ztx-67d4" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7" } ], "aliases": [ "CVE-2007-2443" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ca9-q5cr-guep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74948?format=api", "vulnerability_id": "VCID-2dct-5xex-6bhn", "summary": "Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5971.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5971.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5971", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": 
"epss", "scoring_elements": "0.2369", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23785", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.2377", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5971" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5971" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=415351", "reference_id": "415351", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=415351" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974", "reference_id": "454974", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974" }, { "reference_url": "https://security.gentoo.org/glsa/200803-31", "reference_id": "GLSA-200803-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200803-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0164", "reference_id": "RHSA-2008:0164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0180", "reference_id": "RHSA-2008:0180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0180" }, { "reference_url": "https://usn.ubuntu.com/924-1/", "reference_id": "USN-924-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/924-1/" }, { "reference_url": "https://usn.ubuntu.com/940-1/", "reference_id": "USN-940-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/940-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/6246?format=api", "purl": "pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-1sps-s2a3-wbad" }, { "vulnerability": "VCID-1u82-w13p-cfbk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-53pj-pwxv-qqhv" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-5jja-ssqm-skhu" }, { "vulnerability": "VCID-5thq-ff3f-h7f6" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7ey4-ge6f-9uct" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-9axv-m7xk-quax" }, { "vulnerability": "VCID-a4cc-w95t-8fh6" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c2t4-3vdu-wqf1" }, { "vulnerability": "VCID-c3qw-eazy-nyer" }, { "vulnerability": "VCID-c5ev-cgh8-3kda" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d2qf-r6jd-r3c7" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": 
"VCID-f72c-txrr-ukga" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-g9nw-c9d1-a3er" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-kszc-uv1w-syb1" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pbeh-n41k-s7au" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-sewn-mfcw-gygm" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-yy22-6ztx-67d4" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7" } ], "aliases": [ "CVE-2007-5971" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-2dct-5xex-6bhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74951?format=api", "vulnerability_id": "VCID-2pmt-wrh2-kqgp", "summary": "Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5972.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5972.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5972", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01923", "scoring_system": "epss", "scoring_elements": "0.83691", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01923", "scoring_system": "epss", "scoring_elements": "0.83715", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5972" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5972", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5972" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=415361", "reference_id": "415361", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=415361" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974", "reference_id": "454974", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974" }, { "reference_url": "https://usn.ubuntu.com/924-1/", "reference_id": "USN-924-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/924-1/" }, { 
"reference_url": "https://usn.ubuntu.com/940-1/", "reference_id": "USN-940-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/940-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6246?format=api", "purl": "pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-1sps-s2a3-wbad" }, { "vulnerability": "VCID-1u82-w13p-cfbk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-53pj-pwxv-qqhv" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-5jja-ssqm-skhu" }, { "vulnerability": "VCID-5thq-ff3f-h7f6" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7ey4-ge6f-9uct" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-9axv-m7xk-quax" }, { "vulnerability": "VCID-a4cc-w95t-8fh6" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c2t4-3vdu-wqf1" }, { "vulnerability": "VCID-c3qw-eazy-nyer" }, { "vulnerability": "VCID-c5ev-cgh8-3kda" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d2qf-r6jd-r3c7" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { 
"vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-f72c-txrr-ukga" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-g9nw-c9d1-a3er" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-kszc-uv1w-syb1" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pbeh-n41k-s7au" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-sewn-mfcw-gygm" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-yy22-6ztx-67d4" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7" } 
], "aliases": [ "CVE-2007-5972" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2pmt-wrh2-kqgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74943?format=api", "vulnerability_id": "VCID-2ud2-gzrr-8bb9", "summary": "Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5901.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5901.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5901", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.2909", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29161", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29128", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5901" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5901" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=415321", "reference_id": "415321", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=415321" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974", "reference_id": "454974", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974" }, { 
"reference_url": "https://security.gentoo.org/glsa/200803-31", "reference_id": "GLSA-200803-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200803-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0164", "reference_id": "RHSA-2008:0164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0164" }, { "reference_url": "https://usn.ubuntu.com/924-1/", "reference_id": "USN-924-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/924-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6246?format=api", "purl": "pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-1sps-s2a3-wbad" }, { "vulnerability": "VCID-1u82-w13p-cfbk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-53pj-pwxv-qqhv" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-5jja-ssqm-skhu" }, { "vulnerability": "VCID-5thq-ff3f-h7f6" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7ey4-ge6f-9uct" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-9axv-m7xk-quax" }, { "vulnerability": "VCID-a4cc-w95t-8fh6" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { 
"vulnerability": "VCID-c2t4-3vdu-wqf1" }, { "vulnerability": "VCID-c3qw-eazy-nyer" }, { "vulnerability": "VCID-c5ev-cgh8-3kda" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d2qf-r6jd-r3c7" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-f72c-txrr-ukga" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-g9nw-c9d1-a3er" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-kszc-uv1w-syb1" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pbeh-n41k-s7au" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-sewn-mfcw-gygm" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": 
"VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-yy22-6ztx-67d4" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7" } ], "aliases": [ "CVE-2007-5901" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ud2-gzrr-8bb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74954?format=api", "vulnerability_id": "VCID-56jv-ftkh-e7bg", "summary": "Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0947.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0947.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0947", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.45097", "scoring_system": "epss", "scoring_elements": "0.97659", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.45097", "scoring_system": "epss", "scoring_elements": "0.97663", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.45097", "scoring_system": "epss", "scoring_elements": "0.97665", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0947" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0947" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=433596", "reference_id": "433596", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=433596" }, { "reference_url": "https://security.gentoo.org/glsa/200803-31", "reference_id": "GLSA-200803-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200803-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0164", "reference_id": "RHSA-2008:0164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0164" }, { "reference_url": "https://usn.ubuntu.com/587-1/", "reference_id": "USN-587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6246?format=api", "purl": "pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-1sps-s2a3-wbad" }, { "vulnerability": "VCID-1u82-w13p-cfbk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-53pj-pwxv-qqhv" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-5jja-ssqm-skhu" }, { "vulnerability": "VCID-5thq-ff3f-h7f6" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7ey4-ge6f-9uct" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-9axv-m7xk-quax" }, { "vulnerability": "VCID-a4cc-w95t-8fh6" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { 
"vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c2t4-3vdu-wqf1" }, { "vulnerability": "VCID-c3qw-eazy-nyer" }, { "vulnerability": "VCID-c5ev-cgh8-3kda" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d2qf-r6jd-r3c7" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-f72c-txrr-ukga" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-g9nw-c9d1-a3er" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-kszc-uv1w-syb1" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pbeh-n41k-s7au" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-sewn-mfcw-gygm" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": 
"VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-yy22-6ztx-67d4" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7" } ], "aliases": [ "CVE-2008-0947" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-56jv-ftkh-e7bg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74925?format=api", "vulnerability_id": "VCID-66wn-48ee-8qd8", "summary": "Double free vulnerability in the GSS-API library (lib/gssapi/krb5/k5unseal.c), as used by the Kerberos administration daemon (kadmind) in MIT krb5 before 1.6.1, when used with the authentication method provided by the RPCSEC_GSS RPC library, allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via a message with an \"an invalid direction encoding\".", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1216.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1216.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1216", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.25853", "scoring_system": "epss", "scoring_elements": "0.96364", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.25853", "scoring_system": "epss", "scoring_elements": "0.96369", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.25853", "scoring_system": "epss", "scoring_elements": 
"0.96372", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1216" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1216" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=231537", "reference_id": "231537", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=231537" }, { "reference_url": "https://security.gentoo.org/glsa/200704-02", "reference_id": "GLSA-200704-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200704-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0095", "reference_id": "RHSA-2007:0095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0095" }, { "reference_url": "https://usn.ubuntu.com/449-1/", "reference_id": "USN-449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6246?format=api", "purl": "pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-1sps-s2a3-wbad" }, { "vulnerability": "VCID-1u82-w13p-cfbk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-53pj-pwxv-qqhv" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-5jja-ssqm-skhu" }, { "vulnerability": "VCID-5thq-ff3f-h7f6" }, { 
"vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7ey4-ge6f-9uct" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-9axv-m7xk-quax" }, { "vulnerability": "VCID-a4cc-w95t-8fh6" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c2t4-3vdu-wqf1" }, { "vulnerability": "VCID-c3qw-eazy-nyer" }, { "vulnerability": "VCID-c5ev-cgh8-3kda" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d2qf-r6jd-r3c7" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-f72c-txrr-ukga" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-g9nw-c9d1-a3er" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-kszc-uv1w-syb1" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pbeh-n41k-s7au" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": 
"VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-sewn-mfcw-gygm" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-yy22-6ztx-67d4" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7" } ], "aliases": [ "CVE-2007-1216" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-66wn-48ee-8qd8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74933?format=api", "vulnerability_id": "VCID-7azb-3ws6-mbh8", "summary": "Stack-based buffer overflow in the rename_principal_2_svc function in kadmind for MIT Kerberos 1.5.3, 1.6.1, and other versions allows remote authenticated users to execute arbitrary code via a crafted request to rename a principal.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2798.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2798.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.34892", "scoring_system": "epss", "scoring_elements": "0.97112", "published_at": "2026-06-04T12:55:00Z" }, { 
"value": "0.34892", "scoring_system": "epss", "scoring_elements": "0.97116", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.34892", "scoring_system": "epss", "scoring_elements": "0.97117", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2798" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=245549", "reference_id": "245549", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245549" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430785", "reference_id": "430785", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430785" }, { "reference_url": "https://security.gentoo.org/glsa/200707-11", "reference_id": "GLSA-200707-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200707-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0384", "reference_id": "RHSA-2007:0384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0562", "reference_id": "RHSA-2007:0562", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0562" }, { "reference_url": "https://usn.ubuntu.com/477-1/", "reference_id": "USN-477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/477-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6246?format=api", "purl": "pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": 
"VCID-1sps-s2a3-wbad" }, { "vulnerability": "VCID-1u82-w13p-cfbk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-53pj-pwxv-qqhv" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-5jja-ssqm-skhu" }, { "vulnerability": "VCID-5thq-ff3f-h7f6" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7ey4-ge6f-9uct" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-9axv-m7xk-quax" }, { "vulnerability": "VCID-a4cc-w95t-8fh6" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c2t4-3vdu-wqf1" }, { "vulnerability": "VCID-c3qw-eazy-nyer" }, { "vulnerability": "VCID-c5ev-cgh8-3kda" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d2qf-r6jd-r3c7" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-f72c-txrr-ukga" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-g9nw-c9d1-a3er" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": 
"VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-kszc-uv1w-syb1" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pbeh-n41k-s7au" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-sewn-mfcw-gygm" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-yy22-6ztx-67d4" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7" } ], "aliases": [ "CVE-2007-2798" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7azb-3ws6-mbh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74937?format=api", "vulnerability_id": "VCID-7wvx-d25a-dkfc", "summary": "The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in 
MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the \"modify policy\" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4000.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4000.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4000", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.24528", "scoring_system": "epss", "scoring_elements": "0.96222", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.24528", "scoring_system": "epss", "scoring_elements": "0.96227", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.24528", "scoring_system": "epss", "scoring_elements": "0.96229", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4000" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4000", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4000" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=250976", "reference_id": "250976", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250976" }, { "reference_url": "https://security.gentoo.org/glsa/200709-01", "reference_id": "GLSA-200709-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200709-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0858", "reference_id": "RHSA-2007:0858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0858" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/6246?format=api", "purl": "pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-1sps-s2a3-wbad" }, { "vulnerability": "VCID-1u82-w13p-cfbk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-53pj-pwxv-qqhv" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-5jja-ssqm-skhu" }, { "vulnerability": "VCID-5thq-ff3f-h7f6" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7ey4-ge6f-9uct" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-9axv-m7xk-quax" }, { "vulnerability": "VCID-a4cc-w95t-8fh6" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c2t4-3vdu-wqf1" }, { "vulnerability": "VCID-c3qw-eazy-nyer" }, { "vulnerability": "VCID-c5ev-cgh8-3kda" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d2qf-r6jd-r3c7" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": 
"VCID-f72c-txrr-ukga" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-g9nw-c9d1-a3er" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-kszc-uv1w-syb1" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pbeh-n41k-s7au" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-sewn-mfcw-gygm" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-yy22-6ztx-67d4" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7" } ], "aliases": [ "CVE-2007-4000" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7wvx-d25a-dkfc" 
}, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74935?format=api", "vulnerability_id": "VCID-7yu5-qag8-23cf", "summary": "Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3999.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-3999.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3999", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.47845", "scoring_system": "epss", "scoring_elements": "0.97773", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.47845", "scoring_system": "epss", "scoring_elements": "0.97775", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.48434", "scoring_system": "epss", "scoring_elements": "0.97802", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-3999" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3999" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=250973", "reference_id": "250973", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=250973" }, { "reference_url": "https://security.gentoo.org/glsa/200709-01", "reference_id": "GLSA-200709-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200709-01" }, { "reference_url": 
"https://security.gentoo.org/glsa/200710-01", "reference_id": "GLSA-200710-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200710-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0858", "reference_id": "RHSA-2007:0858", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0858" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0913", "reference_id": "RHSA-2007:0913", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0913" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0951", "reference_id": "RHSA-2007:0951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0951" }, { "reference_url": "https://usn.ubuntu.com/511-1/", "reference_id": "USN-511-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/511-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6246?format=api", "purl": "pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-1sps-s2a3-wbad" }, { "vulnerability": "VCID-1u82-w13p-cfbk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-53pj-pwxv-qqhv" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-5jja-ssqm-skhu" }, { "vulnerability": "VCID-5thq-ff3f-h7f6" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7ey4-ge6f-9uct" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": 
"VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-9axv-m7xk-quax" }, { "vulnerability": "VCID-a4cc-w95t-8fh6" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c2t4-3vdu-wqf1" }, { "vulnerability": "VCID-c3qw-eazy-nyer" }, { "vulnerability": "VCID-c5ev-cgh8-3kda" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d2qf-r6jd-r3c7" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-f72c-txrr-ukga" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-g9nw-c9d1-a3er" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-kszc-uv1w-syb1" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pbeh-n41k-s7au" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": 
"VCID-sewn-mfcw-gygm" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-yy22-6ztx-67d4" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7" } ], "aliases": [ "CVE-2007-3999" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7yu5-qag8-23cf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74928?format=api", "vulnerability_id": "VCID-ce17-bbd4-tyc1", "summary": "The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos 5 (krb5) 1.6.1 and earlier might allow remote attackers to execute arbitrary code via a zero-length RPC credential, which causes kadmind to free an uninitialized pointer during cleanup.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2442.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-2442.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2442", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.42571", "scoring_system": "epss", "scoring_elements": "0.97537", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.42571", "scoring_system": "epss", "scoring_elements": "0.97542", "published_at": 
"2026-06-05T12:55:00Z" }, { "value": "0.42571", "scoring_system": "epss", "scoring_elements": "0.97544", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-2442" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2442" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=245547", "reference_id": "245547", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=245547" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430787", "reference_id": "430787", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430787" }, { "reference_url": "https://security.gentoo.org/glsa/200707-11", "reference_id": "GLSA-200707-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200707-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0384", "reference_id": "RHSA-2007:0384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0562", "reference_id": "RHSA-2007:0562", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0562" }, { "reference_url": "https://usn.ubuntu.com/477-1/", "reference_id": "USN-477-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/477-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6246?format=api", "purl": "pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-1sps-s2a3-wbad" }, { "vulnerability": "VCID-1u82-w13p-cfbk" }, { "vulnerability": 
"VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-53pj-pwxv-qqhv" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-5jja-ssqm-skhu" }, { "vulnerability": "VCID-5thq-ff3f-h7f6" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7ey4-ge6f-9uct" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-9axv-m7xk-quax" }, { "vulnerability": "VCID-a4cc-w95t-8fh6" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c2t4-3vdu-wqf1" }, { "vulnerability": "VCID-c3qw-eazy-nyer" }, { "vulnerability": "VCID-c5ev-cgh8-3kda" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d2qf-r6jd-r3c7" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-f72c-txrr-ukga" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-g9nw-c9d1-a3er" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": 
"VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-kszc-uv1w-syb1" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pbeh-n41k-s7au" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-sewn-mfcw-gygm" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-yy22-6ztx-67d4" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7" } ], "aliases": [ "CVE-2007-2442" ], "risk_score": 0.2, "exploitability": "0.5", "weighted_severity": "0.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ce17-bbd4-tyc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74921?format=api", "vulnerability_id": "VCID-jbkg-zyb4-ybdc", "summary": "The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.", 
"references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0956.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0956.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-0956", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.25754", "scoring_system": "epss", "scoring_elements": "0.96353", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.25754", "scoring_system": "epss", "scoring_elements": "0.96358", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.25754", "scoring_system": "epss", "scoring_elements": "0.96362", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-0956" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0956" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=229782", "reference_id": "229782", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=229782" }, { "reference_url": "https://security.gentoo.org/glsa/200704-02", "reference_id": "GLSA-200704-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200704-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0095", "reference_id": "RHSA-2007:0095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0095" }, { "reference_url": "https://usn.ubuntu.com/449-1/", "reference_id": "USN-449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6246?format=api", "purl": "pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-1sps-s2a3-wbad" }, { "vulnerability": "VCID-1u82-w13p-cfbk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-53pj-pwxv-qqhv" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-5jja-ssqm-skhu" }, { "vulnerability": "VCID-5thq-ff3f-h7f6" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7ey4-ge6f-9uct" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-9axv-m7xk-quax" }, { "vulnerability": "VCID-a4cc-w95t-8fh6" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c2t4-3vdu-wqf1" }, { "vulnerability": "VCID-c3qw-eazy-nyer" }, { "vulnerability": "VCID-c5ev-cgh8-3kda" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d2qf-r6jd-r3c7" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-f72c-txrr-ukga" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-g9nw-c9d1-a3er" }, { "vulnerability": 
"VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-kszc-uv1w-syb1" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pbeh-n41k-s7au" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-sewn-mfcw-gygm" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-yy22-6ztx-67d4" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7" } ], "aliases": [ "CVE-2007-0956" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jbkg-zyb4-ybdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74953?format=api", "vulnerability_id": "VCID-m9pf-r95d-4qbx", "summary": "The Kerberos 4 support in KDC in 
MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitive information, aka \"Uninitialized stack values.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0063.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0063.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0063", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04904", "scoring_system": "epss", "scoring_elements": "0.89779", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04904", "scoring_system": "epss", "scoring_elements": "0.89795", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04904", "scoring_system": "epss", "scoring_elements": "0.89797", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0063" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0063" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=432621", "reference_id": "432621", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432621" }, { "reference_url": "https://security.gentoo.org/glsa/200803-31", "reference_id": "GLSA-200803-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200803-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0164", "reference_id": "RHSA-2008:0164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0180", "reference_id": "RHSA-2008:0180", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2008:0180" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0181", "reference_id": "RHSA-2008:0181", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0181" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0182", "reference_id": "RHSA-2008:0182", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0182" }, { "reference_url": "https://usn.ubuntu.com/587-1/", "reference_id": "USN-587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6246?format=api", "purl": "pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-1sps-s2a3-wbad" }, { "vulnerability": "VCID-1u82-w13p-cfbk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-53pj-pwxv-qqhv" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-5jja-ssqm-skhu" }, { "vulnerability": "VCID-5thq-ff3f-h7f6" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7ey4-ge6f-9uct" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-9axv-m7xk-quax" }, { "vulnerability": "VCID-a4cc-w95t-8fh6" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": 
"VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c2t4-3vdu-wqf1" }, { "vulnerability": "VCID-c3qw-eazy-nyer" }, { "vulnerability": "VCID-c5ev-cgh8-3kda" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d2qf-r6jd-r3c7" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-f72c-txrr-ukga" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-g9nw-c9d1-a3er" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-kszc-uv1w-syb1" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pbeh-n41k-s7au" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-sewn-mfcw-gygm" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": 
"VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-yy22-6ztx-67d4" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7" } ], "aliases": [ "CVE-2008-0063" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m9pf-r95d-4qbx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74941?format=api", "vulnerability_id": "VCID-phbg-1ygq-9qb6", "summary": "The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. 
NOTE: the vendor disputes this issue, stating \"The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5894.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5894.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5894", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02774", "scoring_system": "epss", "scoring_elements": "0.86319", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02774", "scoring_system": "epss", "scoring_elements": "0.86341", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02774", "scoring_system": "epss", "scoring_elements": "0.86343", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-5894" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5894" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=415311", "reference_id": "415311", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=415311" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974", "reference_id": "454974", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454974" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6246?format=api", "purl": "pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-1sps-s2a3-wbad" }, { 
"vulnerability": "VCID-1u82-w13p-cfbk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-53pj-pwxv-qqhv" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-5jja-ssqm-skhu" }, { "vulnerability": "VCID-5thq-ff3f-h7f6" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7ey4-ge6f-9uct" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-9axv-m7xk-quax" }, { "vulnerability": "VCID-a4cc-w95t-8fh6" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c2t4-3vdu-wqf1" }, { "vulnerability": "VCID-c3qw-eazy-nyer" }, { "vulnerability": "VCID-c5ev-cgh8-3kda" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d2qf-r6jd-r3c7" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-f72c-txrr-ukga" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-g9nw-c9d1-a3er" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": 
"VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-kszc-uv1w-syb1" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pbeh-n41k-s7au" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-sewn-mfcw-gygm" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-yy22-6ztx-67d4" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7" } ], "aliases": [ "CVE-2007-5894" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-phbg-1ygq-9qb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74952?format=api", "vulnerability_id": "VCID-zca5-fvv5-6yeq", "summary": "KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and 
possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0062.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0062.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0062", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.16257", "scoring_system": "epss", "scoring_elements": "0.94946", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.16257", "scoring_system": "epss", "scoring_elements": "0.94954", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.16257", "scoring_system": "epss", "scoring_elements": "0.94955", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0062" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0062" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=432620", "reference_id": "432620", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=432620" }, { "reference_url": "https://security.gentoo.org/glsa/200803-31", "reference_id": "GLSA-200803-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200803-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0164", "reference_id": "RHSA-2008:0164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0180", "reference_id": "RHSA-2008:0180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0180" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0181", 
"reference_id": "RHSA-2008:0181", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0181" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0182", "reference_id": "RHSA-2008:0182", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0182" }, { "reference_url": "https://usn.ubuntu.com/587-1/", "reference_id": "USN-587-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/587-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6246?format=api", "purl": "pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-1sps-s2a3-wbad" }, { "vulnerability": "VCID-1u82-w13p-cfbk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-53pj-pwxv-qqhv" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-5jja-ssqm-skhu" }, { "vulnerability": "VCID-5thq-ff3f-h7f6" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7ey4-ge6f-9uct" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-9axv-m7xk-quax" }, { "vulnerability": "VCID-a4cc-w95t-8fh6" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c2t4-3vdu-wqf1" }, { "vulnerability": 
"VCID-c3qw-eazy-nyer" }, { "vulnerability": "VCID-c5ev-cgh8-3kda" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d2qf-r6jd-r3c7" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-f72c-txrr-ukga" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-g9nw-c9d1-a3er" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-kszc-uv1w-syb1" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pbeh-n41k-s7au" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-sewn-mfcw-gygm" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": 
"VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-yy22-6ztx-67d4" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7" } ], "aliases": [ "CVE-2008-0062" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zca5-fvv5-6yeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74939?format=api", "vulnerability_id": "VCID-zqek-558r-wqf8", "summary": "The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4743.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4743.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4743", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20249", "scoring_system": "epss", "scoring_elements": "0.95627", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.20249", "scoring_system": "epss", "scoring_elements": "0.95633", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.20249", "scoring_system": "epss", "scoring_elements": "0.95637", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4743", "reference_id": "", "reference_type": 
"", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4743" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=281561", "reference_id": "281561", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=281561" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441209", "reference_id": "441209", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441209" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0892", "reference_id": "RHSA-2007:0892", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0892" }, { "reference_url": "https://usn.ubuntu.com/511-2/", "reference_id": "USN-511-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/511-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6246?format=api", "purl": "pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-1sps-s2a3-wbad" }, { "vulnerability": "VCID-1u82-w13p-cfbk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-53pj-pwxv-qqhv" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-5jja-ssqm-skhu" }, { "vulnerability": "VCID-5thq-ff3f-h7f6" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7ey4-ge6f-9uct" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-9axv-m7xk-quax" }, { 
"vulnerability": "VCID-a4cc-w95t-8fh6" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c2t4-3vdu-wqf1" }, { "vulnerability": "VCID-c3qw-eazy-nyer" }, { "vulnerability": "VCID-c5ev-cgh8-3kda" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d2qf-r6jd-r3c7" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-f72c-txrr-ukga" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-g9nw-c9d1-a3er" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-kszc-uv1w-syb1" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": "VCID-pbeh-n41k-s7au" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-sewn-mfcw-gygm" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": 
"VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-yy22-6ztx-67d4" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7" } ], "aliases": [ "CVE-2007-4743" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zqek-558r-wqf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74924?format=api", "vulnerability_id": "VCID-zzy2-uume-kyd8", "summary": "Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0957.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-0957.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-0957", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.26118", "scoring_system": "epss", "scoring_elements": "0.96389", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.26118", "scoring_system": "epss", "scoring_elements": "0.96394", 
"published_at": "2026-06-05T12:55:00Z" }, { "value": "0.26118", "scoring_system": "epss", "scoring_elements": "0.96398", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-0957" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0957" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=231528", "reference_id": "231528", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=231528" }, { "reference_url": "https://security.gentoo.org/glsa/200704-02", "reference_id": "GLSA-200704-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200704-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0095", "reference_id": "RHSA-2007:0095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0095" }, { "reference_url": "https://usn.ubuntu.com/449-1/", "reference_id": "USN-449-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/449-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6246?format=api", "purl": "pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-11jm-yxbs-1kfj" }, { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-1sps-s2a3-wbad" }, { "vulnerability": "VCID-1u82-w13p-cfbk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3jcm-y59r-47a5" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-53pj-pwxv-qqhv" }, { "vulnerability": 
"VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-5jja-ssqm-skhu" }, { "vulnerability": "VCID-5thq-ff3f-h7f6" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7ey4-ge6f-9uct" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-8fxt-3wg4-dkbb" }, { "vulnerability": "VCID-9axv-m7xk-quax" }, { "vulnerability": "VCID-a4cc-w95t-8fh6" }, { "vulnerability": "VCID-at3s-18x4-n7e2" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-bg27-2hv6-m7cx" }, { "vulnerability": "VCID-bkdg-dybz-t3fy" }, { "vulnerability": "VCID-bkqm-d2bp-f7fe" }, { "vulnerability": "VCID-c2t4-3vdu-wqf1" }, { "vulnerability": "VCID-c3qw-eazy-nyer" }, { "vulnerability": "VCID-c5ev-cgh8-3kda" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-d2qf-r6jd-r3c7" }, { "vulnerability": "VCID-d42v-zwu4-a3ge" }, { "vulnerability": "VCID-d53g-faqf-gfdp" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-ezm2-e8zw-g7dg" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-f72c-txrr-ukga" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-g9nw-c9d1-a3er" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-hre7-pp7p-13fs" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jbf6-vrjc-syg1" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-ksar-xuza-8kg7" }, { "vulnerability": "VCID-kszc-uv1w-syb1" }, { "vulnerability": "VCID-ktuq-s8bz-1qam" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-ny7t-pkm8-2fb4" }, { "vulnerability": 
"VCID-pbeh-n41k-s7au" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-sewn-mfcw-gygm" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-vxvk-vwan-ukak" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-yy22-6ztx-67d4" }, { "vulnerability": "VCID-zv6f-cpbv-a7b7" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7" } ], "aliases": [ "CVE-2007-0957" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zzy2-uume-kyd8" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.6.dfsg.4~beta1-5lenny7" }