Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/6248?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/6248?format=api", "purl": "pkg:deb/debian/krb5@1.8.3%2Bdfsg-4squeeze11", "type": "deb", "namespace": "debian", "name": "krb5", "version": "1.8.3+dfsg-4squeeze11", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.20.1-2+deb12u4", "latest_non_vulnerable_version": "1.20.1-2+deb12u4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74980?format=api", "vulnerability_id": "VCID-11jm-yxbs-1kfj", "summary": "The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a kinit operation with incorrect string case for the realm, related to the is_principal_in_realm, krb5_set_error_message, krb5_ldap_get_principal, and process_as_req functions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1527.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1527.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1527", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02618", "scoring_system": "epss", "scoring_elements": "0.85938", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02618", "scoring_system": "epss", "scoring_elements": "0.8596", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02618", "scoring_system": "epss", "scoring_elements": "0.85964", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1527" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1527" }, { 
"reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367", "reference_id": "646367", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=737711", "reference_id": "737711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737711" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1379", "reference_id": "RHSA-2011:1379", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1379" }, { "reference_url": "https://usn.ubuntu.com/1233-1/", "reference_id": "USN-1233-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1233-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" 
}, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2011-1527" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-11jm-yxbs-1kfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75006?format=api", "vulnerability_id": "VCID-1nn6-mr7d-wyhk", "summary": "The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in kadmind in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 allows remote authenticated users to bypass a kadmin/* authorization check and obtain administrative access by leveraging access to a two-component principal with an initial \"kadmind\" substring, as demonstrated by a \"ka/x\" 
principal.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9422.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9422.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9422", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00794", "scoring_system": "epss", "scoring_elements": "0.74304", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00794", "scoring_system": "epss", "scoring_elements": "0.74337", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00794", "scoring_system": "epss", "scoring_elements": "0.74342", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, 
{ "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179861", "reference_id": "1179861", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179861" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0439", "reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0794", "reference_id": "RHSA-2015:0794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0794" }, { "reference_url": "https://usn.ubuntu.com/2498-1/", "reference_id": "USN-2498-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2498-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { 
"vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": 
"VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-9422" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1nn6-mr7d-wyhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74997?format=api", "vulnerability_id": "VCID-2674-wgen-1qbk", "summary": "Double free vulnerability in the init_ctx_reselect function in the SPNEGO initiator in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.10.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via network traffic that appears to come from an intended acceptor, but specifies a security mechanism different from the one proposed by the initiator.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4343.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4343.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4343", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07384", "scoring_system": "epss", "scoring_elements": "0.91864", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07384", "scoring_system": "epss", 
"scoring_elements": "0.91876", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.07384", "scoring_system": "epss", "scoring_elements": "0.91877", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121876", "reference_id": "1121876", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121876" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755520", "reference_id": "755520", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755520" }, { "reference_url": "https://security.gentoo.org/glsa/201412-53", "reference_id": "GLSA-201412-53", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1389", 
"reference_id": "RHSA-2014:1389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0439", "reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": "https://usn.ubuntu.com/2310-1/", "reference_id": "USN-2310-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2310-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": 
"VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { 
"vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-4343" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2674-wgen-1qbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75015?format=api", "vulnerability_id": "VCID-2tn3-dfqx-5yc9", "summary": "Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8631.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8631.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8631", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02635", "scoring_system": "epss", "scoring_elements": "0.85985", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02635", "scoring_system": "epss", "scoring_elements": "0.86006", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02635", "scoring_system": "epss", "scoring_elements": "0.86009", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8631" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8629" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302642", "reference_id": "1302642", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302642" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813126", "reference_id": "813126", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0493", "reference_id": "RHSA-2016:0493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0532", "reference_id": "RHSA-2016:0532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0532" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { 
"vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6251?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": 
"VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { 
"vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2015-8631" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2tn3-dfqx-5yc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61752?format=api", "vulnerability_id": "VCID-3d22-kr2u-tuck", "summary": "krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40355.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40355.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40355", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28666", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28707", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135317", "reference_id": "1135317", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135317" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463370", "reference_id": "2463370", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463370" }, { "reference_url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", "reference_id": "2e75f0d9362fb979f5fc92829431a590a130929f", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T12:53:15Z/" } ], "url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f" }, { "reference_url": "https://web.mit.edu/kerberos/advisories/", "reference_id": "advisories", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T12:53:15Z/" } ], "url": "https://web.mit.edu/kerberos/advisories/" }, { "reference_url": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", "reference_id": "krb5-two-unauthenticated-network-vulnerabilities.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T12:53:15Z/" } ], "url": 
"https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12220", "reference_id": "RHSA-2026:12220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16799", "reference_id": "RHSA-2026:16799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19145", "reference_id": "RHSA-2026:19145", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19145" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19357", "reference_id": "RHSA-2026:19357", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19357" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21275", "reference_id": "RHSA-2026:21275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22634", "reference_id": "RHSA-2026:22634", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22634" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/773967?format=api", "purl": "pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4" } ], "aliases": [ "CVE-2026-40355" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3d22-kr2u-tuck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75003?format=api", "vulnerability_id": "VCID-3df1-58jr-e7gv", "summary": "plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in 
MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin \"add_principal -nokey\" or \"purgekeys -all\" command.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5354.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5354.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5354", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.67978", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.68017", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0054", "scoring_system": "epss", "scoring_elements": "0.68025", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5354" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5354" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174546", "reference_id": "1174546", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174546" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773228", "reference_id": "773228", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773228" }, { "reference_url": "https://usn.ubuntu.com/2498-1/", "reference_id": "USN-2498-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2498-1/" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-5354" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3df1-58jr-e7gv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74983?format=api", "vulnerability_id": "VCID-3jcm-y59r-47a5", "summary": "The process_tgs_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 
through 1.9.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS request that triggers an error other than the KRB5_KDB_NOENTRY error.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1530.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1530.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00934", "scoring_system": "epss", "scoring_elements": "0.76529", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00934", "scoring_system": "epss", "scoring_elements": "0.76559", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00934", "scoring_system": "epss", "scoring_elements": "0.76564", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1530" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1530", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1530" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=753748", "reference_id": "753748", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=753748" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1790", "reference_id": "RHSA-2011:1790", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1790" }, { "reference_url": "https://usn.ubuntu.com/1290-1/", "reference_id": "USN-1290-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1290-1/" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": 
"VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2011-1530" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3jcm-y59r-47a5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75022?format=api", "vulnerability_id": "VCID-3tas-mucv-aufk", "summary": "An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The \"strlen\" function is called with a NULL pointer as its argument in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5710.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5710.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5710", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60026", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60073", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60076", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5710" }, { "reference_url":
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5710" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535575", "reference_id": "1535575", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535575" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889685", "reference_id": "889685", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889685" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6253?format=api", "purl": "pkg:deb/debian/krb5@1.17-3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4" } ], "aliases": [ "CVE-2018-5710" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3tas-mucv-aufk" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/75002?format=api", "vulnerability_id": "VCID-42rr-7ajf-eqg7", "summary": "The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5353.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5353.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5353", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68272", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68313", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00548", "scoring_system": "epss", "scoring_elements": "0.68321", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5353" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5353" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174543", "reference_id": "1174543", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1174543" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226", "reference_id": "773226", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0439", 
"reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0794", "reference_id": "RHSA-2015:0794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0794" }, { "reference_url": "https://usn.ubuntu.com/2498-1/", "reference_id": "USN-2498-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2498-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-5353" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-42rr-7ajf-eqg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75020?format=api", "vulnerability_id": "VCID-4mm3-t6eu-4qde", "summary": "A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02665", "scoring_system": "epss", "scoring_elements": "0.86077", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02665", "scoring_system": "epss", "scoring_elements": "0.86098", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02665", "scoring_system": "epss", "scoring_elements": "0.86102", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-20217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20217" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", 
"scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665296", "reference_id": "1665296", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1665296" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917387", "reference_id": "917387", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=917387" }, { "reference_url": "https://usn.ubuntu.com/5828-1/", "reference_id": "USN-5828-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5828-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6253?format=api", "purl": "pkg:deb/debian/krb5@1.17-3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4" } ], "aliases": [ "CVE-2018-20217" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mm3-t6eu-4qde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75005?format=api", "vulnerability_id": "VCID-596a-s3un-vbbc", "summary": "The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x 
through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9421.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9421.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9421", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05356", "scoring_system": "epss", "scoring_elements": "0.90245", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05356", "scoring_system": "epss", "scoring_elements": "0.90261", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05356", "scoring_system": "epss", "scoring_elements": "0.90259", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9421" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423" }, { "reference_url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179857", "reference_id": "1179857", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0439", "reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0794", "reference_id": "RHSA-2015:0794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0794" }, { "reference_url": "https://usn.ubuntu.com/2498-1/", "reference_id": "USN-2498-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2498-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { 
"vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": 
"VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-9421" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-596a-s3un-vbbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75004?format=api", "vulnerability_id": "VCID-6jnk-3rfw-nkh8", "summary": "MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a krb5_read_message data field is represented as a string ending with a '\\0' character, which allows remote attackers to (1) cause a denial of service (NULL pointer dereference) via a zero-byte version string or (2) cause a denial of service (out-of-bounds read) by omitting the '\\0' character, related to appl/user_user/server.c and lib/krb5/krb/recvauth.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5355.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5355.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2014-5355", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08201", "scoring_system": "epss", "scoring_elements": "0.92352", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08201", "scoring_system": "epss", "scoring_elements": "0.92366", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.08201", "scoring_system": "epss", "scoring_elements": "0.92362", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5355" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5355" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1193939", "reference_id": "1193939", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1193939" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778647", "reference_id": "778647", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0794", "reference_id": "RHSA-2015:0794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0794" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2154", "reference_id": "RHSA-2015:2154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:2154" }, { "reference_url": "https://usn.ubuntu.com/2810-1/", "reference_id": "USN-2810-1", "reference_type": "", 
"scores": [], "url": "https://usn.ubuntu.com/2810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-5355" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6jnk-3rfw-nkh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74874?format=api", "vulnerability_id": "VCID-7wnb-bhuv-tycp", "summary": "schpw.c in the kpasswd 
service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-2443.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-2443.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-2443", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15013", "scoring_system": "epss", "scoring_elements": "0.94695", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.15013", "scoring_system": "epss", "scoring_elements": "0.94704", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-2443" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2443" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708267", "reference_id": "708267", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708267" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=962531", "reference_id": "962531", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=962531" }, { "reference_url": "https://security.gentoo.org/glsa/201312-12", "reference_id": "GLSA-201312-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201312-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0942", "reference_id": "RHSA-2013:0942", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2013:0942" }, { "reference_url": "https://usn.ubuntu.com/2810-1/", "reference_id": "USN-2810-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": 
"VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2002-2443" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7wnb-bhuv-tycp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74982?format=api", "vulnerability_id": "VCID-8fxt-3wg4-dkbb", "summary": "The lookup_lockout_policy function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the db2 (aka Berkeley DB) or LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger certain process_as_req errors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1529.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1529.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1529", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02376", "scoring_system": "epss", "scoring_elements": "0.85263", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02376", "scoring_system": "epss", "scoring_elements": "0.85287", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02376", "scoring_system": "epss", "scoring_elements": "0.85292", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1529" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367", "reference_id": "646367", "reference_type": "", "scores": [], "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=737711", "reference_id": "737711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737711" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1379", "reference_id": "RHSA-2011:1379", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1379" }, { "reference_url": "https://usn.ubuntu.com/1233-1/", "reference_id": "USN-1233-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1233-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { 
"vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2011-1529" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8fxt-3wg4-dkbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74985?format=api", "vulnerability_id": "VCID-at3s-18x4-n7e2", "summary": "server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1012.json", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1012.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1012", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47041", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47106", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00238", "scoring_system": "epss", "scoring_elements": "0.47109", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1012" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1012", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1012" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670918", "reference_id": "670918", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670918" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=796438", "reference_id": "796438", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=796438" }, { "reference_url": "https://usn.ubuntu.com/1520-1/", "reference_id": "USN-1520-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1520-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": 
"VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2012-1012" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-at3s-18x4-n7e2" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/75008?format=api", "vulnerability_id": "VCID-b6a9-hnjx-c3gk", "summary": "The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2694.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2694.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2694", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0089", "scoring_system": "epss", "scoring_elements": "0.75903", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0089", "scoring_system": "epss", "scoring_elements": "0.75929", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2694" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2694", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2694" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216133", "reference_id": "1216133", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216133" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783557", "reference_id": "783557", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783557" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:2154", "reference_id": "RHSA-2015:2154", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2015:2154" }, { "reference_url": "https://usn.ubuntu.com/2810-1/", "reference_id": "USN-2810-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2015-2694" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b6a9-hnjx-c3gk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74993?format=api", "vulnerability_id": "VCID-bdmc-p544-bfg9", "summary": "do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.11 before 1.11.4, when a single-component realm name is used, allows remote authenticated users to cause a denial of service (daemon crash) via a TGS-REQ request that triggers an attempted cross-realm referral for a host-based service principal.", "references": [ { 
"reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1417.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1417.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1417", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.68062", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.68101", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00543", "scoring_system": "epss", "scoring_elements": "0.68109", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1417" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1417" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1030743", "reference_id": "1030743", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1030743" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730085", "reference_id": "730085", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730085" }, { "reference_url": "https://security.gentoo.org/glsa/201312-12", "reference_id": "GLSA-201312-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201312-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { 
"vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2013-1417" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bdmc-p544-bfg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74984?format=api", "vulnerability_id": "VCID-bg27-2hv6-m7cx", "summary": "The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, a different vulnerability than CVE-2011-1528.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4151.json", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-4151.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4151", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01205", "scoring_system": "epss", "scoring_elements": "0.79281", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01205", "scoring_system": "epss", "scoring_elements": "0.79308", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01205", "scoring_system": "epss", "scoring_elements": "0.79313", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4151" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4151", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4151" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367", "reference_id": "646367", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=737711", "reference_id": "737711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737711" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": 
"VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2011-4151" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-bg27-2hv6-m7cx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74974?format=api", "vulnerability_id": "VCID-bkdg-dybz-t3fy", "summary": "The do_standalone function in the MIT krb5 KDC database propagation daemon (kpropd) in Kerberos 1.7, 1.8, and 1.9, when running in standalone mode, does not properly handle when a worker child process \"exits abnormally,\" which allows remote attackers to cause a denial of service (listening process termination, no new connections, and lack of updates in slave KDC) via unspecified vectors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4022.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-4022.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4022", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08988", "scoring_system": "epss", "scoring_elements": "0.92761", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08988", "scoring_system": "epss", "scoring_elements": "0.92774", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.08988", "scoring_system": "epss", "scoring_elements": "0.92769", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-4022" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4022", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4022" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=664009", "reference_id": "664009", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=664009" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": 
"https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0200", "reference_id": "RHSA-2011:0200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0200" }, { "reference_url": "https://usn.ubuntu.com/1062-1/", "reference_id": "USN-1062-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1062-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { 
"vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2010-4022" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bkdg-dybz-t3fy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74991?format=api", "vulnerability_id": "VCID-bkqm-d2bp-f7fe", "summary": "The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1416.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1416.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1416", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02274", "scoring_system": "epss", "scoring_elements": "0.84961", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02274", "scoring_system": "epss", "scoring_elements": "0.84985", "published_at": 
"2026-06-05T12:55:00Z" }, { "value": "0.02274", "scoring_system": "epss", "scoring_elements": "0.84989", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1416" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1416", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1416" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704775", "reference_id": "704775", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704775" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=949984", "reference_id": "949984", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=949984" }, { "reference_url": "https://security.gentoo.org/glsa/201312-12", "reference_id": "GLSA-201312-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201312-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0748", "reference_id": "RHSA-2013:0748", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0748" }, { "reference_url": "https://usn.ubuntu.com/2310-1/", "reference_id": "USN-2310-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2310-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": 
"VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2013-1416" ], "risk_score": 1.0, "exploitability": "0.5", "weighted_severity": "2.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bkqm-d2bp-f7fe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75023?format=api", "vulnerability_id": "VCID-c5he-57zg-fybc", "summary": "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to cause a denial of service (NULL pointer dereference) or bypass a DN container check by supplying tagged data that is internal to the database module.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5729.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5729.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22938", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.2302", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.23006", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5729" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551083", "reference_id": "1551083", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551083" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869", "reference_id": "891869", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869" }, { "reference_url": "https://security.archlinux.org/ASA-201806-3", "reference_id": "ASA-201806-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201806-3" }, { "reference_url": "https://security.archlinux.org/AVG-586", "reference_id": "AVG-586", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3071", "reference_id": "RHSA-2018:3071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3071" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6253?format=api", "purl": "pkg:deb/debian/krb5@1.17-3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4" } ], "aliases": [ "CVE-2018-5729" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c5he-57zg-fybc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74978?format=api", "vulnerability_id": "VCID-d42v-zwu4-a3ge", "summary": "Double free vulnerability in the prepare_error_as function in do_as_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 through 1.9, when the PKINIT feature is enabled, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via an e_data field containing typed data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0284.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0284.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0284", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.2264", "scoring_system": "epss", "scoring_elements": "0.9596", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.2264", "scoring_system": "epss", "scoring_elements": "0.95964", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.2264", "scoring_system": "epss", "scoring_elements": "0.95968", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0284" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618517", "reference_id": "618517", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618517" }, { 
"reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=674325", "reference_id": "674325", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=674325" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0356", "reference_id": "RHSA-2011:0356", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0356" }, { "reference_url": "https://usn.ubuntu.com/1088-1/", "reference_id": "USN-1088-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1088-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": 
"VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2011-0284" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d42v-zwu4-a3ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74988?format=api", "vulnerability_id": "VCID-d53g-faqf-gfdp", "summary": "The kdc_handle_protected_negotiation function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x before 1.9.5, and 1.10.x before 1.10.3 attempts to calculate a checksum before verifying that the key type is appropriate for a checksum, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free, heap memory corruption, and daemon crash) via a crafted AS-REQ request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1015.json", "reference_id": "", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1015.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1015", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01234", "scoring_system": "epss", "scoring_elements": "0.79537", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01234", "scoring_system": "epss", "scoring_elements": "0.79563", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01234", "scoring_system": "epss", "scoring_elements": "0.79569", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1015" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1015", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1015" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429", "reference_id": "683429", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=838012", "reference_id": "838012", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=838012" }, { "reference_url": "https://security.gentoo.org/glsa/201312-12", "reference_id": "GLSA-201312-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201312-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1131", "reference_id": "RHSA-2012:1131", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1131" }, { 
"reference_url": "https://usn.ubuntu.com/1520-1/", "reference_id": "USN-1520-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1520-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { 
"vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2012-1015" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d53g-faqf-gfdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75007?format=api", "vulnerability_id": "VCID-dbaq-qjd2-d7c9", "summary": "The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (aka krb5) 1.11.x through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 transmits uninitialized interposer data to clients, which allows remote attackers to obtain sensitive information from process heap memory by sniffing the network for data in a handle field.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9423.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9423.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9423", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01537", "scoring_system": "epss", "scoring_elements": "0.81674", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01537", "scoring_system": "epss", "scoring_elements": "0.81705", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9423" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179863", "reference_id": "1179863", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179863" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0439", "reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": "https://usn.ubuntu.com/2498-1/", "reference_id": "USN-2498-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2498-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": 
"VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": 
"pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-9423" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dbaq-qjd2-d7c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75018?format=api", "vulnerability_id": "VCID-e1xu-a882-s3ga", "summary": "The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is 
enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3120.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3120.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0432", "scoring_system": "epss", "scoring_elements": "0.89087", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0432", "scoring_system": "epss", "scoring_elements": "0.89104", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0432", "scoring_system": "epss", "scoring_elements": "0.89105", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3120" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1361050", "reference_id": "1361050", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1361050" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832572", "reference_id": "832572", "reference_type": "", "scores": [], 
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832572" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2591", "reference_id": "RHSA-2016:2591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2591" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2016-3120" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e1xu-a882-s3ga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75027?format=api", "vulnerability_id": "VCID-ekzs-tuvp-ybfq", "summary": "ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. 
This occurs because a return value is not properly managed in a certain situation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36222.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36222.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36222", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06615", "scoring_system": "epss", "scoring_elements": "0.91351", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06615", "scoring_system": "epss", "scoring_elements": "0.91364", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.06615", "scoring_system": "epss", "scoring_elements": "0.91366", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36222" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36222" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983720", "reference_id": "1983720", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1983720" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991365", "reference_id": "991365", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991365" }, { 
"reference_url": "https://security.archlinux.org/AVG-2173", "reference_id": "AVG-2173", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2173" }, { "reference_url": "https://security.gentoo.org/glsa/202405-11", "reference_id": "GLSA-202405-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3576", "reference_id": "RHSA-2021:3576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3576" }, { "reference_url": "https://usn.ubuntu.com/5959-1/", "reference_id": "USN-5959-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5959-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6253?format=api", "purl": "pkg:deb/debian/krb5@1.17-3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/538439?format=api", "purl": "pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5" } ], "aliases": [ "CVE-2021-36222" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ekzs-tuvp-ybfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74994?format=api", "vulnerability_id": "VCID-esm3-3qwz-cud2", "summary": "The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1418.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1418.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1418", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07674", "scoring_system": "epss", "scoring_elements": "0.92046", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07674", "scoring_system": "epss", "scoring_elements": "0.92058", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.07674", "scoring_system": "epss", "scoring_elements": "0.92056", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1418" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1418" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1026942", "reference_id": "1026942", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1026942" }, { "reference_url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728845", "reference_id": "728845", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728845" }, { "reference_url": "https://security.gentoo.org/glsa/201312-12", "reference_id": "GLSA-201312-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201312-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1245", "reference_id": "RHSA-2014:1245", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1245" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1389", "reference_id": "RHSA-2014:1389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1389" }, { "reference_url": "https://usn.ubuntu.com/2310-1/", "reference_id": "USN-2310-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2310-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": 
"VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2013-1418" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-esm3-3qwz-cud2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74989?format=api", "vulnerability_id": "VCID-ezm2-e8zw-g7dg", "summary": "The pkinit_server_return_padata function in plugins/preauth/pkinit/pkinit_srv.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 attempts to find an agility KDF identifier in inappropriate circumstances, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted Draft 9 request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1016.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1016.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.71018", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.7106", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00643", "scoring_system": "epss", "scoring_elements": "0.71067", "published_at": "2026-06-06T12:55:00Z" } 
], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1016" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1016", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1016" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702633", "reference_id": "702633", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702633" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=917840", "reference_id": "917840", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0656", "reference_id": "RHSA-2013:0656", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0656" }, { "reference_url": "https://usn.ubuntu.com/2310-1/", "reference_id": "USN-2310-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2310-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": 
"VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2012-1016" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ezm2-e8zw-g7dg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74995?format=api", "vulnerability_id": "VCID-f343-u3jt-pkfy", "summary": "MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read and application crash) by injecting invalid tokens into a GSSAPI application session.", "references": [ { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4341.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4341.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4341", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14451", "scoring_system": "epss", "scoring_elements": "0.94559", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.14451", "scoring_system": "epss", "scoring_elements": "0.94567", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.14451", "scoring_system": "epss", "scoring_elements": "0.94569", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", 
"scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116180", "reference_id": "1116180", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1116180" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753624", "reference_id": "753624", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753624" }, { "reference_url": "https://security.gentoo.org/glsa/201412-53", "reference_id": "GLSA-201412-53", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1245", "reference_id": "RHSA-2014:1245", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1245" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1389", "reference_id": "RHSA-2014:1389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0439", "reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": "https://usn.ubuntu.com/2310-1/", "reference_id": "USN-2310-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2310-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, 
{ "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-4341" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f343-u3jt-pkfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75011?format=api", "vulnerability_id": "VCID-fcy5-mv1a-n7dh", "summary": "The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\\0' character in a long realm field 
within a TGS request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2697.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2697.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2697", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05447", "scoring_system": "epss", "scoring_elements": "0.90342", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05447", "scoring_system": "epss", "scoring_elements": "0.90357", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05447", "scoring_system": "epss", "scoring_elements": "0.90356", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2697" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1275863", "reference_id": "1275863", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1275863" }, 
{ "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803088", "reference_id": "803088", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803088" }, { "reference_url": "https://security.gentoo.org/glsa/201611-14", "reference_id": "GLSA-201611-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201611-14" }, { "reference_url": "https://usn.ubuntu.com/2810-1/", "reference_id": "USN-2810-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" 
}, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6251?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": 
"VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2015-2697" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fcy5-mv1a-n7dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75014?format=api", "vulnerability_id": "VCID-fvfb-k9ar-93eu", "summary": "The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 
1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by specifying KADM5_POLICY with a NULL policy name.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8630.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8630.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8630", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03623", "scoring_system": "epss", "scoring_elements": "0.88014", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03623", "scoring_system": "epss", "scoring_elements": "0.88034", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03623", "scoring_system": "epss", "scoring_elements": "0.88038", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8630" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8630", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8630" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302632", "reference_id": "1302632", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302632" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813127", "reference_id": "813127", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813127" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2016:0532", "reference_id": "RHSA-2016:0532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0532" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2015-8630" ], "risk_score": 0.6, "exploitability": "0.5", "weighted_severity": "1.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fvfb-k9ar-93eu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75016?format=api", "vulnerability_id": "VCID-h23e-nhyz-8uda", "summary": "The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.", "references": [ { 
"reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3119.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3119.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3119", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10203", "scoring_system": "epss", "scoring_elements": "0.93271", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10203", "scoring_system": "epss", "scoring_elements": "0.93283", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3119" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3119", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3119" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319616", "reference_id": "1319616", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1319616" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819468", "reference_id": "819468", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819468" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2591", "reference_id": "RHSA-2016:2591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2591" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" 
}, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2016-3119" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h23e-nhyz-8uda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74990?format=api", "vulnerability_id": "VCID-hre7-pp7p-13fs", "summary": "The pkinit_check_kdc_pkid function in plugins/preauth/pkinit/pkinit_crypto_openssl.c in the PKINIT implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.4 and 1.11.x before 1.11.1 does not properly handle errors during extraction of fields from an X.509 certificate, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a malformed KRB5_PADATA_PK_AS_REQ AS-REQ request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1415.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1415.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1415", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01588", "scoring_system": "epss", "scoring_elements": "0.81961", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01588", "scoring_system": "epss", "scoring_elements": "0.81994", "published_at": 
"2026-06-05T12:55:00Z" }, { "value": "0.01588", "scoring_system": "epss", "scoring_elements": "0.81995", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-1415" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1415", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1415" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=914749", "reference_id": "914749", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=914749" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0656", "reference_id": "RHSA-2013:0656", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0656" }, { "reference_url": "https://usn.ubuntu.com/2310-1/", "reference_id": "USN-2310-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2310-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { 
"vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2013-1415" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hre7-pp7p-13fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6879?format=api", "vulnerability_id": "VCID-husp-fm64-nfa9", "summary": "denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37750.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37750.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37750", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72752", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72791", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72799", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37750" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37750" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996834", "reference_id": "1996834", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996834" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992607", "reference_id": "992607", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992607" }, { "reference_url": "https://security.archlinux.org/AVG-2312", "reference_id": "AVG-2312", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2312" }, { "reference_url": "https://security.gentoo.org/glsa/202405-11", "reference_id": "GLSA-202405-11", "reference_type": "", "scores": 
[], "url": "https://security.gentoo.org/glsa/202405-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3576", "reference_id": "RHSA-2021:3576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3576" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4788", "reference_id": "RHSA-2021:4788", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4788" }, { "reference_url": "https://usn.ubuntu.com/5959-1/", "reference_id": "USN-5959-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5959-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/538439?format=api", "purl": "pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5" } ], "aliases": [ "CVE-2021-37750" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-husp-fm64-nfa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74998?format=api", "vulnerability_id": "VCID-j145-f5mp-xkeq", "summary": "The acc_ctx_cont function in the SPNEGO acceptor in lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) 1.5.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty continuation token at a certain point during a SPNEGO negotiation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4344.json", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4344.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4344", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0527", "scoring_system": "epss", "scoring_elements": "0.90169", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0527", "scoring_system": "epss", "scoring_elements": "0.90185", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0527", "scoring_system": "epss", "scoring_elements": "0.90183", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4344" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121877", "reference_id": "1121877", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1121877" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755521", "reference_id": "755521", 
"reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755521" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1245", "reference_id": "RHSA-2014:1245", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1245" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1389", "reference_id": "RHSA-2014:1389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0439", "reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": "https://usn.ubuntu.com/2310-1/", "reference_id": "USN-2310-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2310-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, 
{ "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": 
"VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-4344" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j145-f5mp-xkeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75024?format=api", "vulnerability_id": "VCID-j6qa-q1h1-3uaq", "summary": "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a \"linkdn\" and \"containerdn\" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5730.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5730.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5730", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00576", "scoring_system": "epss", 
"scoring_elements": "0.69169", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.69208", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00576", "scoring_system": "epss", "scoring_elements": "0.69217", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5730" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5730", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5730" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551082", "reference_id": "1551082", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551082" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869", "reference_id": "891869", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869" }, { "reference_url": "https://security.archlinux.org/ASA-201806-3", "reference_id": "ASA-201806-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201806-3" }, { "reference_url": "https://security.archlinux.org/AVG-586", "reference_id": "AVG-586", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3071", "reference_id": "RHSA-2018:3071", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3071" } ], 
"fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6253?format=api", "purl": "pkg:deb/debian/krb5@1.17-3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4" } ], "aliases": [ "CVE-2018-5730" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j6qa-q1h1-3uaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74987?format=api", "vulnerability_id": "VCID-jbf6-vrjc-syg1", "summary": "The process_as_req function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.10.x before 1.10.3 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a malformed AS-REQ request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1014.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1014.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1014", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04152", "scoring_system": "epss", "scoring_elements": "0.88861", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04152", 
"scoring_system": "epss", "scoring_elements": "0.88878", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1014" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1014" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429", "reference_id": "683429", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683429" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=838014", "reference_id": "838014", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=838014" }, { "reference_url": "https://security.gentoo.org/glsa/201312-12", "reference_id": "GLSA-201312-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201312-12" }, { "reference_url": "https://usn.ubuntu.com/1520-1/", "reference_id": "USN-1520-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1520-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": 
"VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2012-1014" ], "risk_score": 1.0, "exploitability": "0.5", "weighted_severity": "2.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jbf6-vrjc-syg1" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/6806?format=api", "vulnerability_id": "VCID-jfhc-x8j6-yuab", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37370.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37370.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37370", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00545", "scoring_system": "epss", "scoring_elements": "0.68171", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00545", "scoring_system": "epss", "scoring_elements": "0.68162", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37370" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37370", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37370" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294677", "reference_id": "2294677", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294677" }, { "reference_url": 
"https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef", "reference_id": "55fbf435edbe2e92dd8101669b1ce7144bc96fef", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-01T15:25:49Z/" } ], "url": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef" }, { "reference_url": "https://web.mit.edu/kerberos/www/advisories/", "reference_id": "advisories", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-01T15:25:49Z/" } ], "url": "https://web.mit.edu/kerberos/www/advisories/" }, { "reference_url": "https://security.archlinux.org/AVG-2856", "reference_id": "AVG-2856", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10135", "reference_id": "RHSA-2024:10135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11109", "reference_id": "RHSA-2024:11109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4734", "reference_id": "RHSA-2024:4734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4743", "reference_id": "RHSA-2024:4743", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2024:4743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5076", "reference_id": "RHSA-2024:5076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5312", "reference_id": "RHSA-2024:5312", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5316", "reference_id": "RHSA-2024:5316", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5625", "reference_id": "RHSA-2024:5625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5630", "reference_id": "RHSA-2024:5630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5643", "reference_id": "RHSA-2024:5643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5643" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5884", "reference_id": "RHSA-2024:5884", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6166", "reference_id": "RHSA-2024:6166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7213", "reference_id": "RHSA-2024:7213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7374", "reference_id": "RHSA-2024:7374", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2024:7374" }, { "reference_url": "https://usn.ubuntu.com/6947-1/", "reference_id": "USN-6947-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6947-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/538439?format=api", "purl": "pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5" } ], "aliases": [ "CVE-2024-37370" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jfhc-x8j6-yuab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74975?format=api", "vulnerability_id": "VCID-ksar-xuza-8kg7", "summary": "The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape sequence, as demonstrated by a \\n sequence.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0281.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0281.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0281", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10754", "scoring_system": "epss", "scoring_elements": "0.93472", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10754", "scoring_system": "epss", "scoring_elements": "0.93483", "published_at": 
"2026-06-05T12:55:00Z" }, { "value": "0.10754", "scoring_system": "epss", "scoring_elements": "0.93484", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0281" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0281", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0281" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=668719", "reference_id": "668719", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=668719" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0199", "reference_id": "RHSA-2011:0199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0199" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0200", "reference_id": "RHSA-2011:0200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0200" }, { "reference_url": "https://usn.ubuntu.com/1062-1/", "reference_id": "USN-1062-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1062-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": 
"VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2011-0281" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ksar-xuza-8kg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74979?format=api", "vulnerability_id": "VCID-ktuq-s8bz-1qam", 
"summary": "The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0285.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0285.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0285", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.54024", "scoring_system": "epss", "scoring_elements": "0.98055", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.54024", "scoring_system": "epss", "scoring_elements": "0.98057", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0285" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622681", "reference_id": "622681", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622681" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=696334", "reference_id": "696334", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=696334" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35606.txt", "reference_id": "CVE-2011-0285;OSVDB-71789", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/35606.txt" }, { "reference_url": 
"https://www.securityfocus.com/bid/47310/info", "reference_id": "CVE-2011-0285;OSVDB-71789", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/47310/info" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0447", "reference_id": "RHSA-2011:0447", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0447" }, { "reference_url": "https://usn.ubuntu.com/1116-1/", "reference_id": "USN-1116-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1116-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": 
"VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2011-0285" ], "risk_score": 1.0, "exploitability": "2.0", "weighted_severity": "0.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ktuq-s8bz-1qam" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75026?format=api", "vulnerability_id": "VCID-kwy5-x7m9-4qgt", "summary": "MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28196.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28196.json" }, 
{ "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76818", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76779", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00955", "scoring_system": "epss", "scoring_elements": "0.76812", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28196" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901041", "reference_id": "1901041", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1901041" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45KKOZQWIIIW5C45PJVGQ32AXBSYNBE7/", "reference_id": "45KKOZQWIIIW5C45PJVGQ32AXBSYNBE7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/45KKOZQWIIIW5C45PJVGQ32AXBSYNBE7/" }, { "reference_url": 
"https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd", "reference_id": "57415dda6cf04e73ffc3723be518eddfae599bfd", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/73IGOG6CZAVMVNS4GGRMOLOZ7B6QVA7F/", "reference_id": "73IGOG6CZAVMVNS4GGRMOLOZ7B6QVA7F", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/73IGOG6CZAVMVNS4GGRMOLOZ7B6QVA7F/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973880", "reference_id": "973880", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973880" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4795", "reference_id": "dsa-4795", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://www.debian.org/security/2020/dsa-4795" }, { "reference_url": "https://security.gentoo.org/glsa/202011-17", "reference_id": "GLSA-202011-17", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://security.gentoo.org/glsa/202011-17" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPH2V3WSQTELROZK3GFCPQDOFLKIZ6H5/", "reference_id": "KPH2V3WSQTELROZK3GFCPQDOFLKIZ6H5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KPH2V3WSQTELROZK3GFCPQDOFLKIZ6H5/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00011.html", "reference_id": "msg00011.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00011.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20201202-0001/", "reference_id": "ntap-20201202-0001", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20201202-0001/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210513-0002/", "reference_id": "ntap-20210513-0002", "reference_type": "", "scores": [ { "value": "7.5", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210513-0002/" }, { "reference_url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "reference_id": "rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T18:14:50Z/" } ], "url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1593", "reference_id": "RHSA-2021:1593", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1593" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2239", "reference_id": "RHSA-2021:2239", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2239" }, { "reference_url": "https://usn.ubuntu.com/4635-1/", "reference_id": "USN-4635-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4635-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6253?format=api", "purl": "pkg:deb/debian/krb5@1.17-3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/538439?format=api", "purl": "pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5" } ], "aliases": [ "CVE-2020-28196" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kwy5-x7m9-4qgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75012?format=api", "vulnerability_id": "VCID-mbrk-dkua-uyeq", "summary": "The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a 
certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by interacting with an application that calls the gss_export_sec_context function. NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-2696.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2698.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2698.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2698", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75505", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75534", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75537", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2698" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2698", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2698" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1278951", "reference_id": "1278951", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1278951" }, { "reference_url": "https://usn.ubuntu.com/2810-1/", "reference_id": "USN-2810-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { 
"vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2015-2698" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mbrk-dkua-uyeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74986?format=api", "vulnerability_id": "VCID-ny7t-pkm8-2fb4", "summary": "The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that lacks a password.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1013.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1013.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77794", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01042", 
"scoring_system": "epss", "scoring_elements": "0.77821", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01042", "scoring_system": "epss", "scoring_elements": "0.77828", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1013" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1013", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1013" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687647", "reference_id": "687647", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687647" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=827517", "reference_id": "827517", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=827517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1131", "reference_id": "RHSA-2012:1131", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2012:1131" }, { "reference_url": "https://usn.ubuntu.com/1520-1/", "reference_id": "USN-1520-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1520-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": 
"VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2012-1013" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ny7t-pkm8-2fb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75010?format=api", "vulnerability_id": "VCID-pj93-uzpy-3bg1", "summary": "lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 relies 
on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted IAKERB packet that is mishandled during a gss_inquire_context call.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2696.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2696.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2696", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10768", "scoring_system": "epss", "scoring_elements": "0.93477", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10768", "scoring_system": "epss", "scoring_elements": "0.93488", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.10768", "scoring_system": "epss", "scoring_elements": "0.93489", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { 
"reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1275869", "reference_id": "1275869", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1275869" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803084", "reference_id": "803084", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803084" }, { "reference_url": "https://security.gentoo.org/glsa/201611-14", "reference_id": "GLSA-201611-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201611-14" }, { "reference_url": "https://usn.ubuntu.com/2810-1/", "reference_id": "USN-2810-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": 
"VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6251?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { 
"vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2015-2696" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pj93-uzpy-3bg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75034?format=api", 
"vulnerability_id": "VCID-pq2d-33kw-ayb7", "summary": "A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3576.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-3576.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3576", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48824", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00252", "scoring_system": "epss", "scoring_elements": "0.48832", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-3576" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3576" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103525", "reference_id": "1103525", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103525" }, { "reference_url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2359465", "reference_id": "2359465", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359465" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9", "reference_id": "cpe:/a:redhat:discovery:2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": 
"cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_type": "", "scores": [], "url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos" }, { "reference_url": 
"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-3576", "reference_id": "CVE-2025-3576", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-3576" }, { "reference_url": "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html", "reference_id": "krb5-1.22.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://web.mit.edu/kerberos/krb5-1.22/krb5-1.22.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:11487", "reference_id": "RHSA-2025:11487", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:11487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13664", "reference_id": "RHSA-2025:13664", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13664" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:13777", "reference_id": "RHSA-2025:13777", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:13777" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15000", "reference_id": "RHSA-2025:15000", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15000" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15001", "reference_id": "RHSA-2025:15001", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15001" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15002", 
"reference_id": "RHSA-2025:15002", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15003", "reference_id": "RHSA-2025:15003", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15004", "reference_id": "RHSA-2025:15004", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8411", "reference_id": "RHSA-2025:8411", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:8411" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9418", "reference_id": "RHSA-2025:9418", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9430", "reference_id": "RHSA-2025:9430", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-15T13:11:53Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:9430" }, { "reference_url": "https://usn.ubuntu.com/7542-1/", "reference_id": "USN-7542-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7542-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/773967?format=api", "purl": "pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4" } ], "aliases": [ "CVE-2025-3576" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pq2d-33kw-ayb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75009?format=api", "vulnerability_id": "VCID-py4d-vrgu-5ueu", "summary": "lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read and process crash) via a crafted SPNEGO packet that is mishandled during a gss_inquire_context call.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2695.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2695.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2015-2695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04582", "scoring_system": "epss", "scoring_elements": "0.89406", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04582", "scoring_system": "epss", "scoring_elements": "0.89424", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04582", "scoring_system": "epss", "scoring_elements": "0.89423", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2695" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2697" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1275871", "reference_id": "1275871", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1275871" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803083", "reference_id": "803083", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803083" }, { "reference_url": "https://security.gentoo.org/glsa/201611-14", "reference_id": 
"GLSA-201611-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201611-14" }, { "reference_url": "https://usn.ubuntu.com/2810-1/", "reference_id": "USN-2810-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2810-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": 
"VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6251?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { 
"vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2015-2695" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-py4d-vrgu-5ueu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6466?format=api", "vulnerability_id": "VCID-rgc3-hzw1-3bcp", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11462.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11462.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2017-11462", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.77958", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.77965", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01055", "scoring_system": "epss", "scoring_elements": "0.77931", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11462" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11462", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11462" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488873", "reference_id": "1488873", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488873" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873563", "reference_id": "873563", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873563" }, { "reference_url": "https://security.archlinux.org/ASA-201710-8", "reference_id": "ASA-201710-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-8" }, { "reference_url": "https://security.archlinux.org/ASA-201710-9", "reference_id": "ASA-201710-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-9" }, { 
"reference_url": "https://security.archlinux.org/AVG-414", "reference_id": "AVG-414", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-414" }, { "reference_url": "https://security.archlinux.org/AVG-415", "reference_id": "AVG-415", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-415" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6253?format=api", "purl": "pkg:deb/debian/krb5@1.17-3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4" } ], "aliases": [ "CVE-2017-11462" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rgc3-hzw1-3bcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75033?format=api", "vulnerability_id": "VCID-s1hu-g4ns-5ydy", "summary": "In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. 
An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24528.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-24528.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42956", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00206", "scoring_system": "epss", "scoring_elements": "0.42945", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24528" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730", "reference_id": "1094730", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094730" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342796", "reference_id": "2342796", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342796" }, { "reference_url": "https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0", "reference_id": 
"78ceba024b64d49612375be4a12d1c066b0bfbd0", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-16T17:39:31Z/" } ], "url": "https://github.com/krb5/krb5/commit/78ceba024b64d49612375be4a12d1c066b0bfbd0" }, { "reference_url": "https://github.com/krb5/krb5/compare/krb5-1.21.3-final...krb5-1.22-final", "reference_id": "krb5-1.21.3-final...krb5-1.22-final", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-16T17:39:31Z/" } ], "url": "https://github.com/krb5/krb5/compare/krb5-1.21.3-final...krb5-1.22-final" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1352", "reference_id": "RHSA-2025:1352", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1352" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2722", "reference_id": "RHSA-2025:2722", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2722" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:2789", "reference_id": "RHSA-2025:2789", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:2789" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7067", "reference_id": "RHSA-2025:7067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:8385", "reference_id": "RHSA-2025:8385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:8385" }, { "reference_url": "https://usn.ubuntu.com/7314-1/", 
"reference_id": "USN-7314-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7314-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/773967?format=api", "purl": "pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4" } ], "aliases": [ "CVE-2025-24528" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s1hu-g4ns-5ydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74999?format=api", "vulnerability_id": "VCID-t96y-1vd2-fqe3", "summary": "Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of \"cpw -keepold\" commands.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4345.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4345.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4345", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11304", "scoring_system": "epss", "scoring_elements": "0.93669", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.11304", "scoring_system": "epss", "scoring_elements": "0.93679", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4345" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1128157", "reference_id": "1128157", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1128157" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757416", "reference_id": "757416", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757416" }, { "reference_url": "https://security.gentoo.org/glsa/201412-53", "reference_id": "GLSA-201412-53", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-53" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1255", "reference_id": "RHSA-2014:1255", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2014:1255" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1389", "reference_id": "RHSA-2014:1389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0439", "reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": "https://usn.ubuntu.com/2310-1/", "reference_id": "USN-2310-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2310-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": 
"VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { 
"vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-4345" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t96y-1vd2-fqe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6805?format=api", "vulnerability_id": "VCID-tg7a-etmk-6fea", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37371.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37371.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37371", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02606", "scoring_system": "epss", "scoring_elements": "0.85933", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02606", "scoring_system": "epss", "scoring_elements": "0.8593", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-37371" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37370", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37370" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371", "reference_id": "", "reference_type": "", 
"scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37371" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294676", "reference_id": "2294676", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294676" }, { "reference_url": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef", "reference_id": "55fbf435edbe2e92dd8101669b1ce7144bc96fef", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:31:33Z/" } ], "url": "https://github.com/krb5/krb5/commit/55fbf435edbe2e92dd8101669b1ce7144bc96fef" }, { "reference_url": "https://web.mit.edu/kerberos/www/advisories/", "reference_id": "advisories", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-09T15:31:33Z/" } ], "url": "https://web.mit.edu/kerberos/www/advisories/" }, { "reference_url": "https://security.archlinux.org/AVG-2856", "reference_id": "AVG-2856", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10135", "reference_id": "RHSA-2024:10135", "reference_type": "", "scores": 
[], "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11109", "reference_id": "RHSA-2024:11109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4734", "reference_id": "RHSA-2024:4734", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4734" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4743", "reference_id": "RHSA-2024:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5076", "reference_id": "RHSA-2024:5076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5312", "reference_id": "RHSA-2024:5312", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5312" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5316", "reference_id": "RHSA-2024:5316", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5625", "reference_id": "RHSA-2024:5625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5630", "reference_id": "RHSA-2024:5630", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5630" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5643", "reference_id": "RHSA-2024:5643", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5643" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5884", "reference_id": "RHSA-2024:5884", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6166", "reference_id": "RHSA-2024:6166", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7213", "reference_id": "RHSA-2024:7213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7374", "reference_id": "RHSA-2024:7374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7374" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1671", "reference_id": "RHSA-2025:1671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1673", "reference_id": "RHSA-2025:1673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1673" }, { "reference_url": "https://usn.ubuntu.com/6947-1/", "reference_id": "USN-6947-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6947-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/538439?format=api", "purl": "pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5" } ], "aliases": [ "CVE-2024-37371" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tg7a-etmk-6fea" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/61749?format=api", "vulnerability_id": "VCID-u4y9-vrsc-wbdy", "summary": "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40356.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-40356.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40356", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28625", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28666", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40356" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135317", "reference_id": "1135317", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135317" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463368", "reference_id": "2463368", "reference_type": "", "scores": [], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2463368" }, { "reference_url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", "reference_id": "2e75f0d9362fb979f5fc92829431a590a130929f", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:10:05Z/" } ], "url": "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f" }, { "reference_url": "https://web.mit.edu/kerberos/advisories/", "reference_id": "advisories", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:10:05Z/" } ], "url": "https://web.mit.edu/kerberos/advisories/" }, { "reference_url": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", "reference_id": "krb5-two-unauthenticated-network-vulnerabilities.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-28T13:10:05Z/" } ], "url": "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12220", "reference_id": "RHSA-2026:12220", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12220" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16799", "reference_id": "RHSA-2026:16799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:16799" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2026:19145", "reference_id": "RHSA-2026:19145", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19145" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19357", "reference_id": "RHSA-2026:19357", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19357" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21275", "reference_id": "RHSA-2026:21275", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:21275" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22634", "reference_id": "RHSA-2026:22634", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22634" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/773967?format=api", "purl": "pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4" } ], "aliases": [ "CVE-2026-40356" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u4y9-vrsc-wbdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75013?format=api", "vulnerability_id": "VCID-ukkj-tn8u-yuab", "summary": "The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8629.json", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8629.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02043", "scoring_system": "epss", "scoring_elements": "0.8416", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02043", "scoring_system": "epss", "scoring_elements": "0.84183", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02043", "scoring_system": "epss", "scoring_elements": "0.84186", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8631" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:P/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302617", "reference_id": "1302617", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302617" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813296", "reference_id": "813296", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0493", "reference_id": "RHSA-2016:0493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0493" }, 
{ "reference_url": "https://access.redhat.com/errata/RHSA-2016:0532", "reference_id": "RHSA-2016:0532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:0532" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { 
"vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6251?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2015-8629" ], "risk_score": 0.6, "exploitability": "0.5", "weighted_severity": "1.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ukkj-tn8u-yuab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75000?format=api", "vulnerability_id": "VCID-v4b9-7gb8-7kf7", "summary": "The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5351.json", "reference_id": "", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5351.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5351", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57614", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57666", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57674", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5351" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5351" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1145425", "reference_id": "1145425", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1145425" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762479", "reference_id": "762479", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762479" }, { "reference_url": "https://security.gentoo.org/glsa/201412-53", "reference_id": "GLSA-201412-53", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-53" }, { "reference_url": "https://usn.ubuntu.com/2498-1/", "reference_id": "USN-2498-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2498-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { 
"vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-5351" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v4b9-7gb8-7kf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75001?format=api", "vulnerability_id": "VCID-vq2w-pgev-f7ha", "summary": "The krb5_gss_process_context_token function in lib/gssapi/krb5/process_context_token.c in the libgssapi_krb5 library in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly maintain security-context handles, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via crafted GSSAPI traffic, as demonstrated 
by traffic to kadmind.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5352.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5352.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5352", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05407", "scoring_system": "epss", "scoring_elements": "0.90302", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05407", "scoring_system": "epss", "scoring_elements": "0.90317", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05407", "scoring_system": "epss", "scoring_elements": "0.90316", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5352" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9421" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9422" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9423" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ], "url": 
"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179856", "reference_id": "1179856", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1179856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0439", "reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0794", "reference_id": "RHSA-2015:0794", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0794" }, { "reference_url": "https://usn.ubuntu.com/2498-1/", "reference_id": "USN-2498-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2498-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": 
"VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { 
"vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-5352" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vq2w-pgev-f7ha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74899?format=api", "vulnerability_id": "VCID-vuzh-e7pz-fqgt", "summary": "The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0971.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0971.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0971", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28583", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28656", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28615", "published_at": 
"2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2004-0971" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0971", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0971" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617336", "reference_id": "1617336", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617336" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278271", "reference_id": "278271", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278271" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:012", "reference_id": "RHSA-2005:012", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:012" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6252?format=api", "purl": "pkg:deb/debian/krb5@1.15-1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.15-1%252Bdeb9u1" } ], "aliases": [ "CVE-2004-0971" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vuzh-e7pz-fqgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74976?format=api", "vulnerability_id": "VCID-vxvk-vwan-ukak", "summary": "The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (NULL pointer dereference or buffer over-read, and daemon crash) via a crafted principal name.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0282.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0282.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0282", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09562", "scoring_system": "epss", "scoring_elements": "0.93013", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09562", "scoring_system": "epss", "scoring_elements": "0.93024", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.09562", "scoring_system": "epss", "scoring_elements": "0.93021", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-0282" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0282", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0282" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=668726", "reference_id": "668726", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=668726" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": 
"GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0199", "reference_id": "RHSA-2011:0199", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0199" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0200", "reference_id": "RHSA-2011:0200", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:0200" }, { "reference_url": "https://usn.ubuntu.com/1062-1/", "reference_id": "USN-1062-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1062-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": 
"VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2011-0282" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vxvk-vwan-ukak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3527?format=api", "vulnerability_id": "VCID-wc2t-bbf1-mua5", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42898.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42898.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42898", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10832", "scoring_system": "epss", "scoring_elements": "0.935", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.10832", "scoring_system": "epss", "scoring_elements": 
"0.93511", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.10832", "scoring_system": "epss", "scoring_elements": "0.9351", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3671" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187", "reference_id": "1024187", "reference_type": "", 
"scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024187" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267", "reference_id": "1024267", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024267" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140960", "reference_id": "2140960", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140960" }, { "reference_url": "https://web.mit.edu/kerberos/advisories/", "reference_id": "advisories", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://web.mit.edu/kerberos/advisories/" }, { "reference_url": "https://security.archlinux.org/AVG-2828", "reference_id": "AVG-2828", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2828" }, { "reference_url": "https://www.samba.org/samba/security/CVE-2022-42898.html", "reference_id": "CVE-2022-42898.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://www.samba.org/samba/security/CVE-2022-42898.html" }, { "reference_url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583", "reference_id": "ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", 
"scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://github.com/krb5/krb5/commit/ea92d2f0fcceb54a70910fa32e9a0d7a5afc3583" }, { "reference_url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c", "reference_id": "GHSA-64mq-fvfj-5x3c", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://github.com/heimdal/heimdal/security/advisories/GHSA-64mq-fvfj-5x3c" }, { "reference_url": "https://security.gentoo.org/glsa/202309-06", "reference_id": "GLSA-202309-06", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://security.gentoo.org/glsa/202309-06" }, { "reference_url": "https://security.gentoo.org/glsa/202310-06", "reference_id": "GLSA-202310-06", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://security.gentoo.org/glsa/202310-06" }, { "reference_url": "https://security.gentoo.org/glsa/202405-11", "reference_id": "GLSA-202405-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-11" }, { "reference_url": "https://web.mit.edu/kerberos/krb5-1.19/", "reference_id": "krb5-1.19", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://web.mit.edu/kerberos/krb5-1.19/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230216-0008/", "reference_id": "ntap-20230216-0008", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230216-0008/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230223-0001/", "reference_id": "ntap-20230223-0001", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230223-0001/" }, { "reference_url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt", "reference_id": "README-1.20.1.txt", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://web.mit.edu/kerberos/krb5-1.20/README-1.20.1.txt" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8637", "reference_id": "RHSA-2022:8637", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8637" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8638", "reference_id": "RHSA-2022:8638", "reference_type": "", "scores": [], "url": 
"https://access.redhat.com/errata/RHSA-2022:8638" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8639", "reference_id": "RHSA-2022:8639", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8639" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8640", "reference_id": "RHSA-2022:8640", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8640" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8641", "reference_id": "RHSA-2022:8641", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8641" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8648", "reference_id": "RHSA-2022:8648", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8648" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8662", "reference_id": "RHSA-2022:8662", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8662" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8663", "reference_id": "RHSA-2022:8663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8669", "reference_id": "RHSA-2022:8669", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8669" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:9029", "reference_id": "RHSA-2022:9029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:9029" }, { "reference_url": "https://bugzilla.samba.org/show_bug.cgi?id=15203", "reference_id": "show_bug.cgi?id=15203", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-14T16:11:12Z/" } ], "url": "https://bugzilla.samba.org/show_bug.cgi?id=15203" }, { "reference_url": "https://usn.ubuntu.com/5800-1/", "reference_id": "USN-5800-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5800-1/" }, { "reference_url": "https://usn.ubuntu.com/5822-1/", "reference_id": "USN-5822-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5822-1/" }, { "reference_url": "https://usn.ubuntu.com/5828-1/", "reference_id": "USN-5828-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5828-1/" }, { "reference_url": "https://usn.ubuntu.com/5936-1/", "reference_id": "USN-5936-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5936-1/" }, { "reference_url": "https://usn.ubuntu.com/7582-1/", "reference_id": "USN-7582-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7582-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/538439?format=api", "purl": "pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5" } ], "aliases": [ "CVE-2022-42898" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wc2t-bbf1-mua5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75028?format=api", "vulnerability_id": "VCID-xmhu-nkgw-kybr", "summary": "lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. 
This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36054.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36054.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36054", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78377", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01096", "scoring_system": "epss", "scoring_elements": "0.78368", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36054" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043431", "reference_id": "1043431", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1043431" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230178", "reference_id": "2230178", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2230178" }, { "reference_url": "https://web.mit.edu/kerberos/www/advisories/", 
"reference_id": "advisories", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/" } ], "url": "https://web.mit.edu/kerberos/www/advisories/" }, { "reference_url": "https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd", "reference_id": "ef08b09c9459551aabbe7924fb176f1583053cdd", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/" } ], "url": "https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd" }, { "reference_url": "https://security.gentoo.org/glsa/202405-11", "reference_id": "GLSA-202405-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202405-11" }, { "reference_url": "https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final", "reference_id": "krb5-1.20.1-final...krb5-1.20.2-final", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/" } ], "url": "https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final" }, { "reference_url": "https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final", "reference_id": "krb5-1.21-final...krb5-1.21.1-final", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/" } ], "url": "https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html", "reference_id": "msg00031.html", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/" } ], "url": 
"https://lists.debian.org/debian-lts-announce/2023/10/msg00031.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230908-0004/", "reference_id": "ntap-20230908-0004", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T13:57:00Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230908-0004/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6699", "reference_id": "RHSA-2023:6699", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6699" }, { "reference_url": "https://usn.ubuntu.com/6467-1/", "reference_id": "USN-6467-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6467-1/" }, { "reference_url": "https://usn.ubuntu.com/6467-2/", "reference_id": "USN-6467-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6467-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/538439?format=api", "purl": "pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5" } ], "aliases": [ "CVE-2023-36054" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmhu-nkgw-kybr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4357?format=api", "vulnerability_id": "VCID-yejf-124s-hqgx", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15088.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": 
"cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15088.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15088", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01283", "scoring_system": "epss", "scoring_elements": "0.79965", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01283", "scoring_system": "epss", "scoring_elements": "0.7994", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01283", "scoring_system": "epss", "scoring_elements": "0.7997", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15088" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15088" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:C/I:C/A:C" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1504045", "reference_id": "1504045", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1504045" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698", "reference_id": "871698", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871698" }, { "reference_url": "https://security.archlinux.org/AVG-505", "reference_id": "AVG-505", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], 
"url": "https://security.archlinux.org/AVG-505" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6253?format=api", "purl": "pkg:deb/debian/krb5@1.17-3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4" } ], "aliases": [ "CVE-2017-15088" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yejf-124s-hqgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6467?format=api", "vulnerability_id": "VCID-yr93-awkm-v7ay", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11368.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-11368.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11368", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00681", "scoring_system": "epss", "scoring_elements": "0.72042", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00681", "scoring_system": "epss", "scoring_elements": "0.72049", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00681", "scoring_system": "epss", "scoring_elements": 
"0.72001", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-11368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11368" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:C" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473560", "reference_id": "1473560", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1473560" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869260", "reference_id": "869260", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869260" }, { "reference_url": "https://security.archlinux.org/ASA-201710-8", "reference_id": "ASA-201710-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-8" }, { "reference_url": "https://security.archlinux.org/AVG-414", "reference_id": "AVG-414", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-414" }, { "reference_url": "https://security.archlinux.org/AVG-436", "reference_id": "AVG-436", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0666", "reference_id": "RHSA-2018:0666", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0666" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6253?format=api", "purl": "pkg:deb/debian/krb5@1.17-3%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.17-3%252Bdeb10u4" } ], "aliases": [ "CVE-2017-11368" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yr93-awkm-v7ay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74981?format=api", "vulnerability_id": "VCID-zv6f-cpbv-a7b7", "summary": "The krb5_ldap_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4 and 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors, related to the locked_check_p function. 
NOTE: the Berkeley DB vector is covered by CVE-2011-4151.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1528.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1528.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05459", "scoring_system": "epss", "scoring_elements": "0.90354", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05459", "scoring_system": "epss", "scoring_elements": "0.9037", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05459", "scoring_system": "epss", "scoring_elements": "0.90368", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1528" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1528", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1528" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367", "reference_id": "646367", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=646367" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=737711", "reference_id": "737711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=737711" }, { "reference_url": "https://security.gentoo.org/glsa/201201-13", "reference_id": "GLSA-201201-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201201-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:1379", "reference_id": "RHSA-2011:1379", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2011:1379" }, { "reference_url": "https://usn.ubuntu.com/1233-1/", "reference_id": "USN-1233-1", "reference_type": "", "scores": [], 
"url": "https://usn.ubuntu.com/1233-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": 
"VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" } ], "aliases": [ "CVE-2011-1528" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zv6f-cpbv-a7b7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74996?format=api", "vulnerability_id": "VCID-zxdc-pv4q-myb6", "summary": "MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4342.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-4342.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4342", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08139", "scoring_system": "epss", "scoring_elements": "0.92317", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08139", "scoring_system": "epss", "scoring_elements": "0.92332", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.08139", "scoring_system": "epss", "scoring_elements": "0.92329", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-4342" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4341" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4342" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4343" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4344" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4345" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120581", "reference_id": "1120581", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1120581" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753625", "reference_id": "753625", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1389", "reference_id": "RHSA-2014:1389", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1389" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0439", "reference_id": "RHSA-2015:0439", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0439" }, { "reference_url": 
"https://usn.ubuntu.com/2310-1/", "reference_id": "USN-2310-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2310-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6249?format=api", "purl": "pkg:deb/debian/krb5@1.10.1%2Bdfsg-5%2Bdeb7u7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1nn6-mr7d-wyhk" }, { "vulnerability": "VCID-2674-wgen-1qbk" }, { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3df1-58jr-e7gv" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-42rr-7ajf-eqg7" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-596a-s3un-vbbc" }, { "vulnerability": "VCID-6jnk-3rfw-nkh8" }, { "vulnerability": "VCID-7wnb-bhuv-tycp" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-bdmc-p544-bfg9" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-dbaq-qjd2-d7c9" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-esm3-3qwz-cud2" }, { "vulnerability": "VCID-f343-u3jt-pkfy" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j145-f5mp-xkeq" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-t96y-1vd2-fqe3" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": 
"VCID-v4b9-7gb8-7kf7" }, { "vulnerability": "VCID-vq2w-pgev-f7ha" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" }, { "vulnerability": "VCID-zxdc-pv4q-myb6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.10.1%252Bdfsg-5%252Bdeb7u7" }, { "url": "http://public2.vulnerablecode.io/api/packages/6250?format=api", "purl": "pkg:deb/debian/krb5@1.12.1%2Bdfsg-19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tn3-dfqx-5yc9" }, { "vulnerability": "VCID-3d22-kr2u-tuck" }, { "vulnerability": "VCID-3tas-mucv-aufk" }, { "vulnerability": "VCID-4mm3-t6eu-4qde" }, { "vulnerability": "VCID-b6a9-hnjx-c3gk" }, { "vulnerability": "VCID-c5he-57zg-fybc" }, { "vulnerability": "VCID-e1xu-a882-s3ga" }, { "vulnerability": "VCID-ekzs-tuvp-ybfq" }, { "vulnerability": "VCID-fcy5-mv1a-n7dh" }, { "vulnerability": "VCID-fvfb-k9ar-93eu" }, { "vulnerability": "VCID-h23e-nhyz-8uda" }, { "vulnerability": "VCID-husp-fm64-nfa9" }, { "vulnerability": "VCID-j6qa-q1h1-3uaq" }, { "vulnerability": "VCID-jfhc-x8j6-yuab" }, { "vulnerability": "VCID-kwy5-x7m9-4qgt" }, { "vulnerability": "VCID-mbrk-dkua-uyeq" }, { "vulnerability": "VCID-pj93-uzpy-3bg1" }, { "vulnerability": "VCID-pq2d-33kw-ayb7" }, { "vulnerability": "VCID-py4d-vrgu-5ueu" }, { "vulnerability": "VCID-rgc3-hzw1-3bcp" }, { "vulnerability": "VCID-s1hu-g4ns-5ydy" }, { "vulnerability": "VCID-tg7a-etmk-6fea" }, { "vulnerability": "VCID-u4y9-vrsc-wbdy" }, { "vulnerability": "VCID-ukkj-tn8u-yuab" }, { "vulnerability": "VCID-vuzh-e7pz-fqgt" }, { "vulnerability": "VCID-wc2t-bbf1-mua5" }, { "vulnerability": "VCID-xmhu-nkgw-kybr" }, { "vulnerability": "VCID-yejf-124s-hqgx" }, { "vulnerability": "VCID-yr93-awkm-v7ay" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-19" } ], "aliases": [ "CVE-2014-4342" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zxdc-pv4q-myb6" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.8.3%252Bdfsg-4squeeze11" }