{"url":"http://public2.vulnerablecode.io/api/packages/100727?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-20?distro=trixie","type":"deb","namespace":"debian","name":"krb5","version":"1.12.1+dfsg-20","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.13.2+dfsg-2","latest_non_vulnerable_version":"1.22.1-2.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/75008?format=json","vulnerability_id":"VCID-b6a9-hnjx-c3gk","summary":"The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2694.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2694.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2694","reference_id":"","reference_type":"","scores":[{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75903","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75929","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75921","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75907","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0089","scoring_system":"epss","scoring_elements":"0.75931","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2694"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2694","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2694"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1216133","reference_id":"1216133","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1216133"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783557","reference_id":"783557","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783557"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2154","reference_id":"RHSA-2015:2154","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2154"},{"reference_url":"https://usn.ubuntu.com/2810-1/","reference_id":"USN-2810-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2810-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/100727?format=json","purl":"pkg:deb/debian/krb5@1.12.1%2Bdfsg-20?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-20%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100669?format=json","purl":"pkg:deb/debian/krb5@1.18.3-6%2Bdeb11u5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.18.3-6%252Bdeb11u5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100667?format=json","purl":"pkg:deb/debian/krb5@1.20.1-2%2Bdeb12u4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.20.1-2%252Bdeb12u4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100671?format=json","purl":"pkg:deb/debian/krb5@1.21.3-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.21.3-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/100670?format=json","purl":"pkg:deb/debian/krb5@1.22.1-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.22.1-2.1%3Fdistro=trixie"}],"aliases":["CVE-2015-2694"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b6a9-hnjx-c3gk"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/krb5@1.12.1%252Bdfsg-20%3Fdistro=trixie"}